You are here: Re: trying to figure out the best/efficient way to tell whois logged into a site.. « PHP « IT news, forums, messages
Re: trying to figure out the best/efficient way to tell whois logged into a site..

Posted by "Dan Baker" on 09/14/05 21:57

(snipped)
"Ben" <ben@emediastudios.com> wrote in message
news:43285F71.50101@emediastudios.com...
> Gustav Wiberg wrote:
>> if (isset($_REQUEST["frmUsername"])) {
>>
>> $un = $_REQUEST["frmUsername"];
>
> If you're going to use $_REQUEST you might as well just turn on register
> globals (no, don't!).
>
> If you're expecting a post look for a $_POST, if you're expecting a get
> look for a $_GET. Ditto with cookies. You really need to know where your
> variables are coming from if you want a measure of security.

Why is using $_REQUEST a security issue? You know every value in the entire
array came from the end-user, and needs to be validated somehow. If your
code is written so the end-user can send this data to you via a
POST/GET/COOKIE, why not use $_REQUEST?

Just trying to learn.
DanB

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация