Re: Magic quotes? Should I still be cautious? [message #176420 is a reply to message #176419] Fri, 06 January 2012 00:36
Jerry Stuckle
On 1/5/2012 6:28 PM, M. Strobel wrote:
> On 05.01.2012 14:08, Erwin Moller wrote:
>>
>> And $_REQUEST should be avoided anyway in all situations (in my
>> humble opinion) for various reasons. But if you use it, it should
>> indeed be added to your list in your approach.
>>
>> Regards,
>> Erwin Moller
>
> For me $_REQUEST is quite handy. All my functions reading user
> input use this. So they work equally well on different requests.
>
> But then I have to mention my setup with a sort of call
> dispatcher: the called function is looked up in a list taking
> into account $_SERVER['REQUEST_METHOD'].
>
> All user input must be verified, no matter if it's in $_GET,
> $_POST, $_COOKIE or $_REQUEST for that matter - they can all be
> faked!
>
> Do not think that only your forms will be sent to your program.
>
> /Str.

$_REQUEST is quite dangerous. You never know whether it comes from
$_GET, $_POST or $_COOKIE, for instance.

A hacker can easily manipulate things like $_COOKIE to put whatever he
wants in them. Rather, you should use $_GET, $_POST and $_COOKIE, as
appropriate. Additionally, what you actually get depends on the
request_order option in the php.ini file, and can change - potentially
breaking your code.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
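
The dependence on request_order discussed in this post, as an added example that is not part of the original message or any poster's code. The function names, the `account_id` key and the sample values are constructed for illustration; `build_request()` only simulates the merge PHP performs internally (sources registered left to right, later ones overwriting earlier ones).

```php
<?php
declare(strict_types=1);

/**
 * Simulate how PHP fills $_REQUEST for a given request_order string:
 * G, P and C are merged left to right, later sources overwrite earlier ones.
 */
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

/**
 * Read a positive integer from one explicitly named source and validate it.
 * Returns null when the key is missing or the value is not a valid integer.
 */
function read_id(array $source, string $key): ?int
{
    $value = filter_var(
        $source[$key] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $value === false ? null : $value;
}

// Constructed sample request: the form posts account_id=42, while the
// client also sends a cookie with the same name and a value it chose itself.
$get    = [];
$post   = ['account_id' => '42'];
$cookie = ['account_id' => '7'];

// The same request yields different $_REQUEST contents per php.ini setting.
foreach (['GP', 'GPC', 'CGP'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("request_order=%-3s account_id=%s\n", $order, $request['account_id']);
}

// Reading from the source the handler expects does not depend on request_order,
// and the value is still validated because $_POST can be forged as well.
var_dump(read_id($post, 'account_id'));
```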