Re: Magic quotes? Should I still be cautious? [message #176421 is a reply to message #176419] Fri, 06 January 2012 10:07
Erwin Moller
On 1/6/2012 12:28 AM, M. Strobel wrote:
> On 05.01.2012 14:08, Erwin Moller wrote:
>>
>> And $_REQUEST should be avoided anyway in all situations (in my
>> humble opinion) for various reasons. But if you use it, it should
>> indeed be added to your list in your approach.
>>
>> Regards,
>> Erwin Moller
>
> For me $_REQUEST is quite handy. All my functions reading user
> input use this. So they work equally well on different requests.

Hi Strobel,

And why do you prefer $_REQUEST over using the exact superglobal?
You do know where the information is supposed to come from.


>
> But then I have to mention my setup with a sort of call
> dispatcher: the called function is looked up in a list taking
> into account $_SERVER['REQUEST_METHOD'].

That explanation makes no sense to me without any more context.
Are you saying you are limiting access to certain functions by checking
the used $_SERVER['REQUEST_METHOD']?
If so, that won't help at all, since anybody could still use the "right"
REQUEST_METHOD and manipulate the contents of GPC at the same time.


>
> All user input must be verified, no matter if it's in $_GET,
> $_POST, $_COOKIE or $_REQUEST for that matter - they can all be
> faked!

Of course.
But how does that relate to using $_REQUEST over the exact superglobal?

>
> Do not think that only your forms will be sent to your program.
>
> /Str.

I still see no reason at all to use $_REQUEST. It strikes me as lazy and
dangerous.
Of course you can program right and safe using $_REQUEST only, but it is
harder. On all occasions you have to wonder if the information you get
presented came from the place you expected it to come from.
And since there is no trade-off (no advantage in using $_REQUEST over
the exact superglobal) I don't see why you use it.

Often people who use it (in my experience) use $_REQUEST because they
never bothered to understand how and what information is sent around.
Hence they had a poor understanding of what they are doing.
I am not saying you don't understand. I just cannot think of any valid
reason to use $_REQUEST.

In my opinion $_REQUEST is a design mistake by the PHP developers, just
like magic_quotes. :-)

If you think I am wrong about that, please tell me why.
I had this discussion a few years back too, but the guy turned out to be
a troll (and silly me took the bait!), so that turned out to be a dead end.

I am curious what the advantages of $_REQUEST are in your opinion.

In a few exceptional cases where I do expect the info coming from POST
or GET and cannot tell which one, I simply use something like:

$thing = (
(isset($_GET["thingy"]))?$_GET["thingy"]:
(isset($_POST["thingy"])?$_POST["thingy"]:"not set")
);

which is a bit awkward.
But since I almost always know where my data comes from, I don't mind
such a contraption once in a while. :-)


Regards,
Erwin Moller

--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens
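
An added example, not part of the original post: the source ambiguity discussed in this message, shown by rebuilding $_REQUEST the way PHP's request_order setting does (later letters overwrite earlier ones) and comparing it with a lookup that names its sources, a generalised form of the GET-then-POST fallback in the post. The function names build_request() and input_from() and the sample arrays are constructed for illustration.

```php
<?php
// Added example: names and sample data are constructed for illustration.

/**
 * Mimic how PHP fills $_REQUEST: the sources named in request_order
 * are merged left to right, so a later letter overwrites an earlier one.
 */
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys as-is; same-named entries are overwritten
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

/**
 * Read a string field only from the sources the caller names, in the
 * caller's order of preference. Returns null when none of them has it.
 */
function input_from(array $allowed, string $name, array $sources): ?string
{
    foreach ($allowed as $letter) {
        $value = $sources[$letter][$name] ?? null;
        if (is_string($value)) {
            return $value;
        }
    }
    return null;
}

// Constructed request: the form POSTs thingy=42, and the same client
// also sends a cookie named thingy.
$get    = [];
$post   = ['thingy' => '42'];
$cookie = ['thingy' => '999'];

foreach (['GPC', 'GP'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("request_order=%s  \$_REQUEST['thingy']=%s\n", $order, $request['thingy']);
}

$explicit = input_from(['G', 'P'], 'thingy', ['G' => $get, 'P' => $post, 'C' => $cookie]);
printf("GET-then-POST lookup: %s\n", $explicit ?? 'not set');
```

Which value $_REQUEST carries depends on a php.ini setting the script does not control, while the explicit lookup reads the same source on every deployment.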