Jump to content

[SOLVED] Personal Style/Security


Ninjakreborn

Recommended Posts

I have always used the following

$_POST for post variables

$_GET for get variables

$_SESSION for session variables

$_COOKIES for cookie variables

and $_FILES for file variables.

I am not 100% but lately I have noticed I sometimes have 1 defining variable that could be either get/post.  I noticed using $_REQUEST on ones that could be either, is that basically the same thing.  Is it insecure.  For instance id's.  sometimes they are post, sometimes get.

I normally use to do

if (isset($_POST['id'])) {

$id = mysql_real_escape_string($_POST['id']);

}elseif (isset($_GET['id'])) {

$id = mysql_real_escape_string($_GET['id']);

}else {

$id = "no";

}

Basically but the other way things are like

if (isset($_REQUEST['id'])) {

$id = mysql_real_escape_string($_REQUEST['id']);

}else {

$id = "no";

}

Basically just a quick example, I notice that if I have this setup like this, it's a little faster.

Is there something wrong with the request variable.  Mostly for "switch" statements (like a front controller or something), there would be different variables getting passed to the controller (sometimes post/sometimes get) so I was thinking request  would be faster.  Since I have never used it I wanted to check what you thought about it first, and see if there was anything wrong, or insecure about using request.

Link to comment
https://forums.phpfreaks.com/topic/48470-solved-personal-stylesecurity/
Share on other sites

thing about using $_REQUEST... is that it contains both $_POST and $_GET... now... as that seems a good thing... its not always is... a) it can be a huge security hole, if the variables are not properly verified and/or cleaned up... b) if something comes in by the same name through $_POST and $_GET, making $_REQUEST[$name]=array('name1','name2'); which could cause some serious errors...

 

so... $_REQUEST may be helpful, i'd just be really careful with how and where you use em... definatly not for logins

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.