> I'll say it again:
> regsiter_globals has *NOTHING* to do with $_REQUEST.
> Zero.
> Zilch.
> Nada.
> Zip.

To me it allows for the same [lazy] behavior. Period. I've had other
people agree. Say what you want about it.

> No, it only relies on one "Designer" who wants their request to look
> like a FORM and another "Designer" who wants their request to look
> like a link.

I've never had to write an app where I allow GET and POST. Either way
can be created using a form, a button, a link, etc. Pick one and stick
with it.

> And I don't really *CARE* if the search terms (or whatever input it
> its) comes from GET versus POST as there is NO Security difference
> whatsoever.
> They need equal filtration.


> The point is that GET and/or POST are equally tainted data, and that I
> wish to provide the same services to either kind of request, and there
> is NO DIFFERENCE between them for this service.

I disagree with that approach to a web application.

> You're still not getting the point.

No, I get it. I was too vague in my original message. To me newbies
picked up PHP easily because "hey, this query string variable is $foo
just like when I do a post variable of $foo!" and $_REQUEST to them is
their way to get around a register_globals = off installation. I've
seen it many times with people just learning PHP. I associate the use
of $_REQUEST with people new to PHP, because I've seen it many times.
Also when told about $_GET, $_POST, $_COOKIE, etc... they realized how
much cleaner that is and adjust appropriately.

> There *ARE* valid reasons for allowing GET and POST to be used
> inter-changably.
> Consider a stupid simple web "service" that lets you look up
> Longitude, Latitude by zip code from their own website.

> Do you really CARE if they use a link or a form to REQUEST the
> long/lat with the zip input?
> No.  You don't.

You're right - I don't. But I tell them to use GET or POST and they
prepare their client-side code appropriately. Both ways can be done. I
don't make my applications lazy and then allow two interfaces to them
when one is perfectly fine and allows for one consistent interaction

> But please do NOT spread mis-information that using $_REQUEST un-does
> what turning register_globals off does.  Because that is simply not
> factually correct, no matter how you feel about $_REQUEST.

Eh, you call it mis-information. I call it advising on how to code a
tighter web application.

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to