On Mon, 2009-04-13 at 15:47 -0700, Michael A. Peters wrote:
Daevid Vincent wrote:
Just to clarify. Obfuscation is NOT a substitute for security. While I don't
disagree with the when's here of GET vs POST, this statement is a bit
misleading...
Any cracker worth his salt can easily
Ashley Sheridan wrote:
On Mon, 2009-04-13 at 15:47 -0700, Michael A. Peters wrote:
I think doing it that way also has search engine indexing advantages.
I've done a bit of research into that, and can't find any evidence to
suggest that the so-called friendly URL's are actually of any
$_REQUEST is less secure because it also contains cookie data.
If you manage just to set a cookie, with the name act and value logout,
the user will infinitely log out - You get the point.
On Sun, Apr 12, 2009 at 10:56 PM, Jason Pruim ja...@jasonpruim.com wrote:
On Apr 12, 2009, at 1:48 PM,
$_REQUEST is not any less secure then $_POST/$_GET/$_COOKIE, they all
contain raw user data.
The way $_REQUEST is being used in this example is not less secure then
using $_GET. It does open up an exploit but this is not because $_REQUEST is
less secure.
The same exploit exists with $_GET, I
On Tue, Apr 14, 2009 at 07:58:24AM +0100, Ashley Sheridan wrote:
snip
I've done a bit of research into that, and can't find any evidence to
suggest that the so-called friendly URL's are actually of any benefit
to search engines. Just put a question into Google, and more often than
not, the
On Tue, Apr 14, 2009 at 8:40 AM, Paul M Foster pa...@quillandmouse.com wrote:
On Tue, Apr 14, 2009 at 07:58:24AM +0100, Ashley Sheridan wrote:
snip
I've done a bit of research into that, and can't find any evidence to
suggest that the so-called friendly URL's are actually of any benefit
to
-
From: Jason Pruim [mailto:ja...@jasonpruim.com]
Sent: Sunday, April 12, 2009 12:57 PM
Subject: Re: [PHP] $_GET verses $_POST
POST does not display anything in the browser, so as others have said it's
perfect for login's since that info will never be visible to the user
Daevid Vincent wrote:
Just to clarify. Obfuscation is NOT a substitute for security. While I don't
disagree with the when's here of GET vs POST, this statement is a bit
misleading...
Any cracker worth his salt can easily install any number of Firefox
extensions or unix command line tools and
On 4/12/09 10:23 AM, Ron Piggott ron@actsministries.org wrote:
How do I know when to use $_GET verses $_POST?
i use GET when i want the user to be able to email the link to someone,
mention it on a blog or bookmark it and it will always yield the same page.
i use POST if submitting the
On 4/13/09 6:47 PM, Michael A. Peters mpet...@mac.com wrote:
For me the biggest advantage of post is the URLs aren't ugly.
For cases where get with a variable in the URL is useful (IE
product=BluePhone) - I prefer to handle that via mod_rewrite.
The requests get handled by generic.php and
How do I know when to use $_GET verses $_POST?
Is there a pre defined variable that does both?
Ron
From: ron@actsministries.org
To: php-general@lists.php.net
Date: Sun, 12 Apr 2009 10:23:01 -0400
Subject: [PHP] $_GET verses $_POST
How do I know when to use $_GET verses $_POST?
Is there a pre defined variable that does both?
Ron
Hi Ron,
One thing you should know
$_GET when the form uses get or parameters are passed via the
querystring
$_POST when the form method is post
$_REQUEST does both
Bastien
Sent from my iPod
On Apr 12, 2009, at 10:23, Ron Piggott ron@actsministries.org
wrote:
How do I know when to use $_GET verses $_POST?
Is there
One thing you should know is that when you use $_GET, you'll be sending a
little information about the particular page to the browser and therefore it
would be displayed in the address bar so for example if you're using get on
a login page, you'll be showing user id and passwrod in the address
Thanks. I got my script updated. Ron
On Sun, 2009-04-12 at 22:33 +0600, 9el wrote:
One thing you should know is that when you use $_GET, you'll
be sending a little information about the particular page to
the browser and therefore it would be
There are no real security issues with the $_REQUEST object. What
needs to be taken into consideration is that the order that the PHP
engine gathers data from the system ( GPCS ) and the potential issues
having cookies or session data named the same as the actual data you
are trying to
On Apr 12, 2009, at 1:48 PM, Ron Piggott wrote:
Thanks. I got my script updated. Ron
There are a few other thing's that I didn't see mentioned...
The best description of when to use what, is this.. Use POST when you
are submitting a form for storing info, using GET when you are
Jason Pruim wrote:
On Apr 12, 2009, at 1:48 PM, Ron Piggott wrote:
Thanks. I got my script updated. Ron
There are a few other thing's that I didn't see mentioned...
The best description of when to use what, is this.. Use POST when you
are submitting a form for storing info, using GET
18 matches
Mail list logo
