Ninjakreborn Posted April 24, 2007 Share Posted April 24, 2007 I have always used the following $_POST for post variables $_GET for get variables $_SESSION for session variables $_COOKIES for cookie variables and $_FILES for file variables. I am not 100% but lately I have noticed I sometimes have 1 defining variable that could be either get/post. I noticed using $_REQUEST on ones that could be either, is that basically the same thing. Is it insecure. For instance id's. sometimes they are post, sometimes get. I normally use to do if (isset($_POST['id'])) { $id = mysql_real_escape_string($_POST['id']); }elseif (isset($_GET['id'])) { $id = mysql_real_escape_string($_GET['id']); }else { $id = "no"; } Basically but the other way things are like if (isset($_REQUEST['id'])) { $id = mysql_real_escape_string($_REQUEST['id']); }else { $id = "no"; } Basically just a quick example, I notice that if I have this setup like this, it's a little faster. Is there something wrong with the request variable. Mostly for "switch" statements (like a front controller or something), there would be different variables getting passed to the controller (sometimes post/sometimes get) so I was thinking request would be faster. Since I have never used it I wanted to check what you thought about it first, and see if there was anything wrong, or insecure about using request. Link to comment https://forums.phpfreaks.com/topic/48470-solved-personal-stylesecurity/ Share on other sites More sharing options...
taith Posted April 24, 2007 Share Posted April 24, 2007 thing about using $_REQUEST... is that it contains both $_POST and $_GET... now... as that seems a good thing... its not always is... a) it can be a huge security hole, if the variables are not properly verified and/or cleaned up... b) if something comes in by the same name through $_POST and $_GET, making $_REQUEST[$name]=array('name1','name2'); which could cause some serious errors... so... $_REQUEST may be helpful, i'd just be really careful with how and where you use em... definatly not for logins Link to comment https://forums.phpfreaks.com/topic/48470-solved-personal-stylesecurity/#findComment-237033 Share on other sites More sharing options...
Ninjakreborn Posted April 24, 2007 Author Share Posted April 24, 2007 That I did not think of, in that scenariou they could pass an array, I have to look into that more, thanks. Link to comment https://forums.phpfreaks.com/topic/48470-solved-personal-stylesecurity/#findComment-237428 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.