News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Brian Moon's Blog:
Responsible use of the $_REQUEST variable
January 22, 2008 @ 09:38:00

In one of his recent blog entries, Brian Moon takes a look at what he considers the "proper use" of the PHP superglobal $_REQUEST (as brought on by a thread on the PHP internals mailing list.

I have seen more than one person make the following logic mistake: I may get data via GET, I may get data via POST - Ah, I should use $_REQUEST as it will catch both.

Brian points out the error - cookies aren't in $_REQUEST so improper handling of those values could lead to cookie data overwriting GET/POST data from $_REQUEST. Several of the comments on the post also warn against improper handling of the values, noting that doing so could lead to holes open for attacks (like session fixation).

0 comments voice your opinion now!
get post request superglobal cookie security merge


blog comments powered by Disqus

Similar Posts

PHP.net: PHP Versions 5.5.13 & 5.4.29 Released

PHPBuilder.com: Securing Data Sent Via GET Requests

PHP.net: PHP 5.4.35, 5.5.19 and 5.6.3 Released

Job Posting: Oslo University College Seeks Teacher in Web Programming (Oslo, Norway)

Chris Shiflett\'s Blog: Gosling Didn\'t Get The Memo


Community Events





Don't see your event here?
Let us know!


tool voicesoftheelephpant introduction artisanfiles community list framework library conference laravel composer interview security series opinion podcast release version language symfony

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework