The use of $_REQUEST it no more a security hole than $_GET or $_REQUEST,
they should ALL be treats as bad data until normalized and sanitized.  The
claim that it opens a security hole  is  just false, that’s like saying PHP
is insecure, its not it just allows for lazy coding such as $_REQUEST. 

David Murphy

-----Original Message-----
From: [] On Behalf Of
Sent: Monday, February 22, 2010 3:03 PM
To: Joseph Thayne
Cc: Slack-Moehrle; php-general
Subject: Re: [PHP] $_POST vs $_REQUEST


> I am not sure what the security issues are you are referring to as the
> $_REQUEST superglobal contains both $_GET and $_POST values.  Could you
> expound on that?  Thanks.

Not really, do a search.

Richard Heyes
HTML5 canvas graphing: RGraph - (updated 20th
Lots of PHP and Javascript code -

PHP General Mailing List (
To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to