You are here: Re: [PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site.. « PHP « IT news, forums, messages
Re: [PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..

Posted by Edward Vermillion on 09/15/05 00:30

Dan Baker wrote:
> "Ben" <ben@emediastudios.com> wrote in message

[snip]

> Interesting, but I think I wouldn't spend the extra code to detect if I was
> expecting a POST, but got a GET. If I didn't get the value from POST, I'd
> just assume it wasn't there -- I wouldn't go looking elsewhere for it, and
> report an error.
>

There's no extra code with !empty($_POST['whatever']). They didn't send
the information in the correct format (as a $_POST), so more than likely
it's someone trying to do something funny. So ignore it or whatever.
It's a real fast way to check if the data your getting came from your
form. You still need to do all the other checks too.

I see it not as a real security measure per se, but more like an initial
check to make sure what I'm getting from my forms (may) have really came
from my forms. If you can eliminate some funn business right off the bat
then you don't have to do any extra processing on what most probably is
bad data.

[snip]

>>And the lazy guy answer... typing $_POST and $_GET is faster than typing
>>$_REQUEST ;-).
>
>
> This is, by far, the best reason I've ever heard! <grin>
>
> DanB
>

I'd agree with that one too! ;)

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация