There are no real security issues with the $_REQUEST object. What needs to be taken into consideration is that the order that the PHP engine gathers data from the system ( GPCS ) and the potential issues having cookies or session data named the same as the actual data you are trying to access via the request array.


Sent from my iPod

On Apr 12, 2009, at 13:48, Ron Piggott <> wrote:

Thanks.  I got my script updated.  Ron

On Sun, 2009-04-12 at 22:33 +0600, 9el wrote:

       One thing you should know is that when you use $_GET, you'll
       be sending a little information about the particular page to
       the browser and therefore it would be displayed in the address
       bar so for example if you're using get on a login page, you'll
       be showing user id and passwrod in the address bar. $_POST
       does the exact opposite of $_GET in that aspect and it's
       ideal. $_REQUEST does both.

Its also important to know that some critical information like
multipart meta data cant be sent via get. And GET method is not safe
Large chunks of data are sent via POST method.

$_REQUEST is not advised to use for security reasons.. there are
senior and experienced programmers here who will elaborate more onto
this :)

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to