PHPDeveloper.org: Brian Moon's Blog: Responsible use of the $

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Vermont Information Processing Seeks Senior/Lead PHP Developer (Burlington, VT)

Job Posting: Mediware Blood Center Technologies Seeks PHP Software Developer (Jacksonville, FL)

PHP Zone: Can Learning Drupal Get You a Job?

Job Posting: Tilllate Media Seeks Senior PHP Developer (Glasgow, UK)

Job Posting: Agency Matrix Seeks Senior Application Developer (Addison, TX)

Job Posting: HUGE Seeks Freelance Zend/WordPress Developer (Brooklyn, NY)

Job Posting: Abbott Laboratories Seeks PHP Developer (Irving, TX)

Job Posting: BetFair Seeks Lead Software Engineer (Web)

Job Posting: Uplifting Innovations Seeks Lead PHP Developer (Portland, OR)

Job Posting: Ganz Seeks PHP Developer (Toronto, Ontario)

News Archive

Community News: Symfony-Check.org (A Symfony Deployment Checklist)

Matt Williams' Blog: High level search with PHP and Apache Solr

Brian Swan's Blog: Retrieving Data with the OData SDK for PHP

Brandon Savage's Blog: The 15 Minute Rule Of Software Development

PHPBuilder.com: Create Custom Google Analytics Interfaces Using PHP

NETTUTS.com: Image Resizing Made Easy with PHP

Symfony Blog: Running a TV station with symfony

Eli White's Blog: Conferences, Speakers & Presentations

Ibuildings techPortal: Zend Studio formatted for Zend Framework and ATK

Brian Moon's Blog:
Responsible use of the $_REQUEST variable

by Chris Cornutt January 22, 2008 @ 09:38:00

In one of his recent blog entries, Brian Moon takes a look at what he considers the "proper use" of the PHP superglobal $_REQUEST (as brought on by a thread on the PHP internals mailing list.

I have seen more than one person make the following logic mistake: I may get data via GET, I may get data via POST - Ah, I should use $_REQUEST as it will catch both.

Brian points out the error - cookies aren't in $_REQUEST so improper handling of those values could lead to cookie data overwriting GET/POST data from $_REQUEST. Several of the comments on the post also warn against improper handling of the values, noting that doing so could lead to holes open for attacks (like session fixation).

0 comments voice your opinion now!
get post request superglobal cookie security merge

Similar Posts