On 2/24/10 11:18 AM, Ashley Sheridan wrote:
On Wed, 2010-02-24 at 07:55 +, Jochem Maas wrote:
On 2/22/10 10:49 PM, John Black wrote:
On 02/22/2010 11:42 PM, Michael Shadle wrote:
The difference here is you can at least have some control over the data
and expect it in a certain
sry i gotta disagree.
a function that queries $_POST/$_GET first and then $_COOKIE seems
much wiser to me.
it consolidates all logic in the script, and making that logic obvious
by syntax, rather than relying on functionality being determined by
php.ini, which could well cause a new developer to
Hi,
Well people better than me (how is that possible?!) have said that
$_REQUEST has the potential to open your app up to security
vulnerabilities, and that it should be avoided because of that. Here's
a post from Stephan Esser about it on the PHP-Internals list:
On Tue, 2010-02-23 at 09:19 +, Richard wrote:
Hi,
Well people better than me (how is that possible?!) have said that
$_REQUEST has the potential to open your app up to security
vulnerabilities, and that it should be avoided because of that. Here's
a post from Stephan Esser about it on
From: Rene Veerman [mailto:rene7...@gmail.com]
On Mon, Feb 22, 2010 at 9:39 PM, Slack-Moehrle
Single quotes is best, correct to prevent sql injection?
sql injection fixing is an evolving art, but you can start by pushing
all variables that can be changed by end-users going into a database
At 11:07 PM +0100 2/22/10, John Black wrote:
On 02/22/2010 10:37 PM, Michael Shadle wrote:
On Mon, Feb 22, 2010 at 1:30 PM, David
Murphy da...@icewatermedia.com wrote:
Richard,
The use of $_REQUEST is no more a security hole than $_GET or $_REQUEST,
they should ALL be treated as bad data until
On 2/23/10 10:27 AM, Ashley Sheridan wrote:
On Tue, 2010-02-23 at 09:19 +, Richard wrote:
Hi,
Well people better than me (how is that possible?!) have said that
$_REQUEST has the potential to open your app up to security
vulnerabilities, and that it should be avoided because of that.
Hi,
I have Forms that I submit for processing. I have seen examples of people
using either $_POST or $_REQUEST.
When would I choose one over the other?
It's a wise choice to go with $_POST, unless your form is a GET form,
in which case use $_GET. $_REQUEST has the potential to open your
On Tue, Feb 23, 2010 at 2:39 AM, Slack-Moehrle
mailingli...@mailnewsrss.com wrote:
Hi All,
I have Forms that I submit for processing. I have seen examples of people
using either $_POST or $_REQUEST.
When would I choose one over the other?
Also, I see examples of these being used with and
Richard wrote:
It's a wise choice to go with $_POST, unless your form is a GET form,
in which case use $_GET. $_REQUEST has the potential to open your
script(s) up to security issues.
I am not sure what the security issues are you are referring to as the
$_REQUEST superglobal contains
On Mon, Feb 22, 2010 at 9:39 PM, Slack-Moehrle
mailingli...@mailnewsrss.com wrote:
Hi All,
I have Forms that I submit for processing. I have seen examples of people
using either $_POST or $_REQUEST.
When would I choose one over the other?
I like to be specific and go for $_POST, but some
On 02/22/2010 09:39 PM, Slack-Moehrle wrote:
Hi All,
I have Forms that I submit for processing. I have seen examples of people using
either $_POST or $_REQUEST.
When would I choose one over the other?
When you don't care how you get the data use $_REQUEST.
$_REQUEST will contain
i'd expect without quotes to query a define('j_orderValue','??')..
oh, and that, if not defined, defaults to the string 'j_orderValue'.
So while your $_POST[] with or without quotes will do the same, use
single-quotes anyway because it's the right thing to do ;)
--
PHP General Mailing List
Hi,
I am not sure what the security issues are you are referring to as the
$_REQUEST superglobal contains both $_GET and $_POST values. Could you
expound on that? Thanks.
Not really, do a search.
--
Richard Heyes
HTML5 canvas graphing: RGraph - http://www.rgraph.net (updated 20th
Hi Slack-Moehrle
Slack-Moehrle wrote on 22/02/2010 21:39:
Hi All,
I have Forms that I submit for processing. I have seen examples of people using
either $_POST or $_REQUEST.
When would I choose one over the other?
$_REQUEST['test'] is true on both $_GET['test'] and $_POST['test']
I use it
I have Forms that I submit for processing. I have seen examples of people
using either $_POST or $_REQUEST.
Look at this example:
<form action="page.php?foo=bar">
<input type="hidden" name="foo" value="pub">
</form>
Now what do you think $_REQUEST will return? You had better not even
think. Just use
On Mon, Feb 22, 2010 at 12:55 PM, Joseph Thayne webad...@thaynefam.org wrote:
I am not sure what the security issues are you are referring to as the
$_REQUEST superglobal contains both $_GET and $_POST values. Could you
expound on that? Thanks.
$_REQUEST opens you up to POST/GET values
such as $_REQUEST.
David Murphy
-Original Message-
From: richard.he...@gmail.com [mailto:richard.he...@gmail.com] On Behalf Of
Richard
Sent: Monday, February 22, 2010 3:03 PM
To: Joseph Thayne
Cc: Slack-Moehrle; php-general
Subject: Re: [PHP] $_POST vs $_REQUEST
Hi,
I am not sure what
On Mon, Feb 22, 2010 at 1:30 PM, David Murphy da...@icewatermedia.com wrote:
Richard,
The use of $_REQUEST is no more a security hole than $_GET or $_REQUEST,
they should ALL be treated as bad data until normalized and sanitized. The
claim that it opens a security hole is just false,
John,
Then if you use a MySQL database you would escape the string like this
$tmp = mysql_real_escape_string($_REQUEST['yyy']);
mysql_real_escape_string() protects from SQL injection by escaping your
string according to what your charset requires.
Good point, I should be doing that. But only
On 02/22/2010 10:37 PM, Michael Shadle wrote:
On Mon, Feb 22, 2010 at 1:30 PM, David Murphy da...@icewatermedia.com wrote:
Richard,
The use of $_REQUEST is no more a security hole than $_GET or $_REQUEST,
they should ALL be treated as bad data until normalized and sanitized. The
claim that it
On Mon, Feb 22, 2010 at 2:07 PM, John Black
s...@network-technologies.org wrote:
And how is this more secure? I can create a cookie, send post or get on my
client machine and send anything I want to the server. Just because you are
getting a cookie does not mean that you created it :)
So you
On Mon, Feb 22, 2010 at 5:02 PM, Slack-Moehrle
mailingli...@mailnewsrss.com wrote:
John,
Then if you use a MySQL database you would escape the string like this
$tmp = mysql_real_escape_string($_REQUEST['yyy']);
mysql_real_escape_string() protects from SQL injection by escaping your
string
On 02/22/2010 11:17 PM, Michael Shadle wrote:
Secure might be the wrong term here. As you can easily change GET to
POST and vice-versa and send any cookies you like, this is why I tried
to revise my statement and quantify it better... in a properly coded
app it doesn't present much issue.
On Mon, Feb 22, 2010 at 22:37, Michael Shadle mike...@gmail.com wrote:
On Mon, Feb 22, 2010 at 1:30 PM, David Murphy da...@icewatermedia.com wrote:
Richard,
The use of $_REQUEST is no more a security hole than $_GET or $_REQUEST,
they should ALL be treated as bad data until normalized and
The difference here is you can at least have some control over the
data and expect it in a certain fashion. Also the behavior of cookies
vs. get vs. post are different (cookies have length and expiration
limits, get has length limits, post has server configured limits)
Like I said a
On 2/22/10 8:39 PM, Slack-Moehrle wrote:
Hi All,
I have Forms that I submit for processing. I have seen examples of people
using either $_POST or $_REQUEST.
When would I choose one over the other?
use $_POST, $_REQUEST is normally an amalgam of GET, POST and COOKIE - as such
using
On 02/22/2010 11:42 PM, Michael Shadle wrote:
The difference here is you can at least have some control over the data
and expect it in a certain fashion. Also the behavior of cookies vs. get
vs. post are different (cookies have length and expiration limits, get
has length limits, post has server
On Mon, 2010-02-22 at 23:49 +0100, John Black wrote:
On 02/22/2010 11:42 PM, Michael Shadle wrote:
The difference here is you can at least have some control over the data
and expect it in a certain fashion. Also the behavior of cookies vs. get
vs. post are different (cookies have length
29 matches