Home » Imported messages » comp.lang.php » Magic quotes? Should I still be cautious?
Re: Magic quotes? Should I still be cautious? [message #176422 is a reply to message #176420] Fri, 06 January 2012 10:16
Erwin Moller
On 1/6/2012 1:36 AM, Jerry Stuckle wrote:
> On 1/5/2012 6:28 PM, M. Strobel wrote:
>> On 05.01.2012 14:08, Erwin Moller wrote:
>>>
>>> And $_REQUEST should be avoided anyway in all situations (in my
>>> humble opinion) for various reasons. But if you use it, it should
>>> indeed be added to your list in your approach.
>>>
>>> Regards,
>>> Erwin Moller
>>
>> For me $_REQUEST is quite handy. All my functions reading user
>> input use this. So they work equally well on different requests.
>>
>> But then I have to mention my setup with a sort of call
>> dispatcher: the called function is looked up in a list taking
>> into account $_SERVER['REQUEST_METHOD'].
>>
>> All user input must be verified, no matter if it's in $_GET,
>> $_POST, $_COOKIE or $_REQUEST for that matter - they can all be
>> faked!
>>
>> Do not think that only your forms will be sent to your program.
>>
>> /Str.
>
> $_REQUEST is quite dangerous. You never know whether it comes from
> $_GET, $_POST or $_COOKIE, for instance.
>
> A hacker can easily manipulate things like $_COOKIE to put whatever he
> wants in them. Rather, you should use $_GET, $_POST and $_COOKIE, as
> appropriate. Additionally, what you actually get depends on the
> request_order option in the php.ini file, and can change - potentially
> breaking your code.
>

Yes exactly.

Jerry, if memory serves me well, I had a discussion concerning $_REQUEST
a few years ago with a guy. He became increasingly annoying, until you
saved me from a headache by telling me I was taking the troll bait. ;-)

Regards,
Erwin Moller

--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens
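
The request_order point from the quoted reply, as an added example that is not code from any poster in this thread: `build_request()` and `int_param()` are hypothetical helpers, and the parameter name and values are constructed sample input. The first helper mimics how PHP fills $_REQUEST (sources are merged left to right, later ones overwriting earlier ones); the second reads from one named source and validates the value.

```php
<?php
// Added example, not from the thread. build_request() is a hypothetical
// helper that mimics how PHP fills $_REQUEST according to request_order.
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // Later sources overwrite earlier ones, as in PHP itself.
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Hypothetical helper: read a positive integer from ONE named source.
// Returns null when the key is missing, not a string, or not a valid integer.
function int_param(array $source, string $name): ?int
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;
    }
    $value = filter_var(
        $source[$name],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $value === false ? null : $value;
}

// Constructed sample input: the form posts account_id=42, but the client
// also sends a cookie with the same name.
$get    = [];
$post   = ['account_id' => '42'];
$cookie = ['account_id' => '1337'];

// Same request, three php.ini settings: the value seen through $_REQUEST
// depends on configuration, not on the code.
foreach (['GP', 'GPC', 'CGP'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("request_order=%-3s  account_id=%s\n", $order, $request['account_id']);
}

// Explicit source plus validation: independent of request_order.
var_dump(int_param($post, 'account_id'));
var_dump(int_param(['account_id' => '42 OR 1=1'], 'account_id'));
var_dump(int_param($get, 'account_id'));
```

With "GP" and "CGP" the posted value wins; with "GPC" the cookie value replaces it, which is the silent change in behaviour the reply describes.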