TalkPHP - View Single Post

Village Idiot · 03-17-2008, 01:48 AM

$_REQUEST just meshes them all together, leaving a name clash problem. I did some tests on name clashes. In the event of a name clash, it will respond in this order (if above exists, it overrides below)
Cookies
POST
GET

Therefore if you mean to get $_POST["user"] but $_COOKIE["user"] exists, you will have a mismatch. That could be an error, but if exploited right, a security risk. Don't use $_REQUEST

Now to answer your question: What is its purpose. I guess it could have uses if you dont know where the variable will exist, but I dont see it as worth the possible security risk. Like the goto line in BASIC languages, it has some specific uses but its bad outweighs the good. Not a great comparison because GOTO is pure, sadistic evil, but its the best I could think of off the top of my head.

03-17-2008, 01:48 AM	#3 (permalink)
Village Idiot Wizard Join Date: Sep 2007 Posts: 1,299 Thanks: 17	$_REQUEST just meshes them all together, leaving a name clash problem. I did some tests on name clashes. In the event of a name clash, it will respond in this order (if above exists, it overrides below) Cookies POST GET Therefore if you mean to get $_POST["user"] but $_COOKIE["user"] exists, you will have a mismatch. That could be an error, but if exploited right, a security risk. Don't use $_REQUEST Now to answer your question: What is its purpose. I guess it could have uses if you dont know where the variable will exist, but I dont see it as worth the possible security risk. Like the goto line in BASIC languages, it has some specific uses but its bad outweighs the good. Not a great comparison because GOTO is pure, sadistic evil, but its the best I could think of off the top of my head. __________________