It's bad form because you should know whether data is being passed to you from a form or via the url. You can post a form to a url that contains parameters, in which case some data will be in the $_GET array and some in the $_POST array. What happens if you have a parameter in the url with the same name as a form field? One of them will be missing in the $_REQUEST array. If you don't know which way a piece of data will be coming in, then you probably have a poorly designed site. The other thing to remember is that a url (meaning what's in the $_GET), gets recorded in the web server log. An unencrypted, plain text file. Nothing private should get recorded there.
The rule to follow is that $_GET should be used to retrieve data from the server, $_POST should be used to pass data to the server.

On 10/12/07, Brian D. <[EMAIL PROTECTED]> wrote:
> I can't find where I read it originally, but somewhere I've been told
> or read that "using $_REQUEST is bad form." I understand that in cases
> where you want to force a $_POST request, but if you might receive
> $_GET or $_POST then isn't it better than doing if/elses?
>
> The only related thing I could find on Google was this guy (
> http://mypetprogrammer.com/blog/?p=15 ) but he seems to erroneously
> believe that using $_POST somehow saves you from a SQL injection
> attack.
>
> I'm also thinking that some servers don't use the $_REQUEST array.
>
> Can you define why it's bad form? When is it considered acceptable to use?
>
> Thanks!
> - B.
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
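The name collision described in the reply above, as an added example that is not part of the original message. `build_request()` and `require_from()` are hypothetical helpers, and the request data is constructed; the merge mimics how PHP fills `$_REQUEST` from the `request_order` ini setting, where a later source overwrites an earlier one.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: mimics how PHP fills $_REQUEST from the request_order
// ini setting ("G" = $_GET, "P" = $_POST, "C" = $_COOKIE). Sources are merged
// left to right, so a later letter overwrites an earlier one on a name clash.
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys as-is and lets the later source win.
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Hypothetical helper: read a field from exactly one named source and fail
// closed if it is absent, instead of accepting it from wherever it shows up.
function require_from(array $source, string $name): string
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        throw new InvalidArgumentException("missing or non-string field: $name");
    }
    return $source[$name];
}

// Constructed request: a form POSTed to /transfer.php?account=1001&page=2
// whose body also carries a field named "account".
$get  = ['account' => '1001', 'page' => '2'];
$post = ['account' => '2002', 'amount' => '50'];

// The same request gives a different $_REQUEST['account'] depending on the
// server's request_order, and the losing value is gone from the merged array.
foreach (['GP', 'PG'] as $order) {
    $request = build_request($order, $get, $post, []);
    printf("request_order=%s  \$_REQUEST['account']=%s\n", $order, $request['account']);
}

// Reading from the source the handler expects keeps both values distinct.
// In a real handler the first argument would be $_POST or $_GET.
printf("from POST body: %s\n", require_from($post, 'account'));
printf("from URL query: %s\n", require_from($get, 'account'));
```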
