Wade Preston Shearer wrote:
It's obviously wise to only post a form using GET when you absolutely
need to or there are no security concerns involved, but what about on
the receiving end? Are there any reasons to not always receive with
$_REQUEST? I have heard people say that you should only use $_REQUEST
when you absolutely need to receive from both GET and POST, but if a
hacker can simulate a POST just as easy as GET then how is it insecure?
wade
net
Keep in mind that $_REQUEST will also include cookies, which might lead
to unexpected results if you don't watch for it. You have to be
especially careful if you are hosting multiple subdomains and some of
them are using-domain wide cookies.
Alvaro
_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
