|
Posted by Ben on 09/15/05 00:03
Dan Baker wrote:
>>On the one hand, you can't trust anything that came from the client, but
>>on the other if you're expecting a variable to come from a cookie and
>>instead it comes from a get you know something weird is going on, but
>>using $_REQUEST you'll be oblivious. You ought to know where your
>>variable values are coming from, $_REQUEST hides this.
>
>
> Interesting, but I think I wouldn't spend the extra code to detect if I was
> expecting a POST, but got a GET. If I didn't get the value from POST, I'd
> just assume it wasn't there -- I wouldn't go looking elsewhere for it, and
> report an error.
Sorry, I didn't mean to suggest you spend the extra time checking to see
if you got a get when expecting a cookie, I meant to suggest that if you
were expecting a cookie you only look for a cookie and therefore ignore
the get (and generate whatever error is appropriate if you didn't get
the value). No point doing any extra coding. The point was that you
shouldn't accept a variable from where you weren't expecting it, which
$_REQUEST doesn't allow you to do.
>
> The *main* reason I use $_REQUEST is so I can code up GET and POST pages
> that all are handled by the same php functions. I may have an item called
> "Key" that contains what the end-user is expected to be doing ("User.Create"
> or "User.Edit" or whatever). Then I may have a link (GET) that has
> ?Key=User.Create, while a form (POST) that has a hidden value "Key" with
> value "User.Create". I don't really care if it came from a GET or POST --
> if the data is all valid, I'll allow it to work.
How are you passing your values to your functions? If you stick to
local variables in your functions they won't care where you got the
values from. Deal with the post or get values in whatever script
handles your form submissions and have it pass the values on to your
functions.
IE
In your post handling script:
$result=doSomething($_POST['this'],$_POST['that']);
In your get handling script:
$result=doSomething($_GET['this'],$_GET['that']);
- Ben
Navigation:
[Reply to this message]
|