Ninjakreborn Posted April 24, 2007 Share Posted April 24, 2007 I have always used the following $_POST for post variables $_GET for get variables $_SESSION for session variables $_COOKIES for cookie variables and $_FILES for file variables. I am not 100% but lately I have noticed I sometimes have 1 defining variable that could be either get/post. I noticed using $_REQUEST on ones that could be either, is that basically the same thing. Is it insecure. For instance id's. sometimes they are post, sometimes get. I normally use to do if (isset($_POST['id'])) { $id = mysql_real_escape_string($_POST['id']); }elseif (isset($_GET['id'])) { $id = mysql_real_escape_string($_GET['id']); }else { $id = "no"; } Basically but the other way things are like if (isset($_REQUEST['id'])) { $id = mysql_real_escape_string($_REQUEST['id']); }else { $id = "no"; } Basically just a quick example, I notice that if I have this setup like this, it's a little faster. Is there something wrong with the request variable. Mostly for "switch" statements (like a front controller or something), there would be different variables getting passed to the controller (sometimes post/sometimes get) so I was thinking request would be faster. Since I have never used it I wanted to check what you thought about it first, and see if there was anything wrong, or insecure about using request. Quote Link to comment Share on other sites More sharing options...
taith Posted April 24, 2007 Share Posted April 24, 2007 thing about using $_REQUEST... is that it contains both $_POST and $_GET... now... as that seems a good thing... its not always is... a) it can be a huge security hole, if the variables are not properly verified and/or cleaned up... b) if something comes in by the same name through $_POST and $_GET, making $_REQUEST[$name]=array('name1','name2'); which could cause some serious errors... so... $_REQUEST may be helpful, i'd just be really careful with how and where you use em... definatly not for logins Quote Link to comment Share on other sites More sharing options...
Ninjakreborn Posted April 24, 2007 Author Share Posted April 24, 2007 That I did not think of, in that scenariou they could pass an array, I have to look into that more, thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.