Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs:php4 / NEWS...)

2001-08-08 Thread Jani Taskinen

On Wed, 8 Aug 2001, Cynic wrote:

>At 20:14 8/8/2001, Jani Taskinen wrote the following:
>--
>>On Wed, 8 Aug 2001, Cynic wrote:
>>
>>>How about $_DONT_TOUCH_THIS ? :)
>>>Seriously though, I vote for $_REQUEST. After all, it contains
>>>data which is (generally) tied to one particular request...
>>
>>This reminds me that should the $_FILES be included in this
>>data too? As it's also something you shouldn't trust and
>>it's also coming from the user.
>
>Yeah. And $_SESSION too.

Nope. It doesn't come from the user.

--Jani



-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
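
The thread's point that `$_FILES` is data coming from the user, as an added example that is not part of the original messages or of PHP's own source: a check that never bases a decision on the client-sent `name` and `type` members. The function name `checkUpload`, its `$isUpload` parameter, the allow-list and the sample entries are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example. 'name' and 'type' in a $_FILES entry are copied from the
// request, so neither is used for a decision here.
// $isUpload exists only so the constructed CLI sample can run; in a real
// request keep the default, is_uploaded_file().
function checkUpload(array $f, array $allowed, int $maxBytes, ?callable $isUpload = null): array
{
    $isUpload = $isUpload ?? 'is_uploaded_file';
    // A field named "x[]" turns these members into arrays; insist on scalars.
    if (!is_int($f['error'] ?? null) || !is_string($f['tmp_name'] ?? null)) {
        return ['ok' => false, 'reason' => 'malformed entry'];
    }
    if ($f['error'] !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'reason' => 'upload error ' . $f['error']];
    }
    if (!$isUpload($f['tmp_name'])) {
        return ['ok' => false, 'reason' => 'not an uploaded file'];
    }
    $size = filesize($f['tmp_name']);
    if ($size === false || $size > $maxBytes) {
        return ['ok' => false, 'reason' => 'too large'];
    }
    // Detect the type from the bytes instead of trusting $f['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        return ['ok' => false, 'reason' => 'type not allowed'];
    }
    // The stored name is generated server-side; $f['name'] is display-only.
    return ['ok' => true, 'stored_as' => bin2hex(random_bytes(16)) . '.' . $allowed[$mime]];
}

// Constructed sample: both entries claim to be a PNG.
$allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg'];
$png = "\x89PNG\r\n\x1a\n\0\0\0\rIHDR" . pack('NNC5', 1, 1, 8, 2, 0, 0, 0);
$samples = ['real png' => $png, 'script' => "<?php echo 'hi'; ?>\n"];
foreach ($samples as $label => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $entry = ['name' => '../photo.png', 'type' => 'image/png',
              'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK, 'size' => strlen($bytes)];
    echo $label, ': ', json_encode(checkUpload($entry, $allowed, 1 << 20, 'is_file')), "\n";
    unlink($tmp);
}
```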




Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs:php4 / NEWS...)

2001-08-08 Thread Jani Taskinen

On Wed, 8 Aug 2001, Cynic wrote:

>At 20:02 8/8/2001, Zeev Suraski wrote the following:
>--
>>At 21:01 08-08-01, Jani Taskinen wrote:
>>
>>>[moving this to php-dev]
>>>
>>>First: Great! Woohoo! Thanks Zeev!
>>
>>Andi helped with it too :)
>>
>>I vote for $_EVIL :)
>
>How about $_DONT_TOUCH_THIS ? :)
>Seriously though, I vote for $_REQUEST. After all, it contains
>data which is (generally) tied to one particular request...

This reminds me that should the $_FILES be included in this
data too? As it's also something you shouldn't trust and
it's also coming from the user.

--Jani







Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs:php4 / NEWS...)

2001-08-08 Thread Jani Taskinen

On Wed, 8 Aug 2001, Zeev Suraski wrote:

>At 21:01 08-08-01, Jani Taskinen wrote:
>
>>[moving this to php-dev]
>>
>>First: Great! Woohoo! Thanks Zeev!
>
>Andi helped with it too :)

Ah. Thanks Andi! :)

>I vote for $_EVIL :)

I am not kidding. Naming it like that would definitely
be a clear sign for everyone that this stuff is not safe
to use just as it is.

--Jani


