On Jan 5, 2008 3:48 PM, Stefan Esser <[EMAIL PROTECTED]> wrote:
> Hello,
> >> typing into PHP, even if it is optional. Passing $_REQUEST['age'] to a
> >>
> > that $_REQUEST['age'] has been checked for numeric before the functio
>
> would you please not use $_REQUEST in any of your examples? $_REQUEST is
> one of the biggest design weaknesses in PHP. Every application using
> $_REQUEST is most probably vulnerable to Delayed Cross Site Request
> Forgery problems. (This basically means if e.g. a cookie named (age)
> exists it will always overwrite the GET/POST content and therefore
> unwanted requests will be performed)

It may be off-topic for the initial post, but I disagree wholeheartedly with the above statement, Stefan. There are innumerable reasons where $_REQUEST would be much more economic than writing out all conditions for $_POST, $_GET, $_SESSION, $_COOKIE....

It's certainly not 100% advantageous, but that's the reason why we make the Big Bucks[tm], right? *cough* Right?

/me cries softly in the corner.

--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you can make enough money to pay someone else to do it for you.

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
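
The cookie-over-GET/POST behaviour discussed in this thread, as an added example that is not part of either message and is not PHP's own code. `build_request()` and `read_age()` are hypothetical helpers, and the request data is constructed; the merge is simulated so the script runs from the command line without a web server.

```php
<?php
// Added illustration, not code from the thread. build_request() is a
// hypothetical helper that mimics how PHP fills $_REQUEST: sources are merged
// in the order given, and a later source overwrites an earlier one.
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys and lets the later source win.
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Hypothetical hardened reader: takes the value from one named source only
// and validates it as an integer in a plausible range.
function read_age(array $post): ?int
{
    if (!isset($post['age']) || !is_string($post['age'])) {
        return null;
    }
    $age = filter_var($post['age'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    return $age === false ? null : $age;
}

// Constructed sample request: the form posts age=30, while a cookie named
// "age" left over from an earlier visit holds a different value.
$get    = [];
$post   = ['age' => '30'];
$cookie = ['age' => '99'];

$withCookies    = build_request('GPC', $get, $post, $cookie);
$withoutCookies = build_request('GP', $get, $post, $cookie);

var_dump($withCookies['age']);    // cookie value shadows the posted one
var_dump($withoutCookies['age']); // cookies left out of the merge
var_dump(read_age($post));        // validated integer taken from POST data only
```

PHP 5.3 and later expose the merge order for `$_REQUEST` as the `request_order` ini setting, so the "GP" case above corresponds to a configuration that leaves cookies out; reading from `$_POST` or `$_GET` explicitly does not depend on that setting.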