|
|
Posted by Steve on 04/02/07 18:02
"dimo414" <dimo414@gmail.com> wrote in message
news:1175527326.721009.324060@d57g2000hsg.googlegroups.com...
| First off, like JO said, you're thinking in terms of JavaScript, while
| working in PHP. $_SESSION is only used for session data, like a user
| id - information you set about a visitor that will cary over between
| pageviews. $_GET and $_POST are for form data (or in the case of
| $_GET, url variables as well). You determine which to use in the
| <form> tag of your html. Although $_REQUEST will accomodate both, I
| would suggest always using the specific array depending on how you're /
| supposed/ to be receiving the data. If you use $_REQUEST, and you're
| trying to get POST data, a malicious user could put the same name into
| a GET variable and overwrite that index of $_REQUEST.
good points all. HOWEVER, PLEASE DON'T try and give the impression that
POSTing to a server is any more or less secure than GETting!!! a malicious,
or even mildly curious, person can just as easily play with either data
submission method. it makes NO difference.
$_REQUEST is just fine. i only delineate the use of $_GET or $_POST if i am
specifically expecting something via that means. my 'action' may very well
be passing data on a query string on submit as well as posting data from the
form having said 'action'.
the ONLY security you can rely on are the steps you take when you receive
get/post directives/data.
cheers
Navigation:
[Reply to this message]
|