The textbook I read says that $_REQUEST has a security problem, so we had better use $_POST.
Is this OK?
PHP is as secure as any other major server-side language. With the new PHP frameworks and tools introduced over the last few years, it is now easier than ever to manage top-notch security.
GET is used when we want to pass data that is not going to change (say, static). In addition, GET is unsecured, but it doesn't need any user input.
PHP $_REQUEST is a PHP superglobal variable which is used to collect data after submitting an HTML form. The example below shows a form with an input field and a submit button. When a user submits the data by clicking on "Submit", the form data is sent to the file specified in the action attribute of the <form> tag.
$_REQUEST is a PHP superglobal variable used to read the data from submitted HTML forms. It is an associative array that by default contains the contents of $_GET, $_POST, and $_COOKIE.
I would say that it is dangerous to characterise $_POST as more secure than $_REQUEST.
If the data is not being validated and sanitized before being used, you have a possible vector of attack.
In short: It doesn't matter where the data comes from if it is not being handled in a secure manner.
Well, the reason that $_REQUEST has issues is that it picks up values from $_GET, $_POST, and $_COOKIE, which means that if you code things certain ways and make certain invalid trusting-the-client assumptions, a malicious user could take advantage of that by supplying a value in a different place than you expected and overriding the one you were trying to pass.
This also means that you may have given your henchman incorrect instructions, because it may have been a GET or COOKIE value that he was picking up from $_REQUEST. You would need to use whatever place the value you're looking for actually shows up, not necessarily $_POST.
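The behaviour both answers describe, as an added example that is not code from the original posts: which source wins in $_REQUEST depends on the request_order setting, and reading from the expected source still needs validation. The function names `build_request` and `read_quantity`, the `quantity` field and the sample arrays are hypothetical; the arrays are constructed stand-ins for the superglobals so the script runs from the PHP CLI.

```php
<?php
declare(strict_types=1);

// Emulates how PHP fills $_REQUEST: sources are registered in request_order
// (letters G, P, C); a later source overwrites an earlier one on key clashes.
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        $merged = array_replace($merged, $sources[$letter] ?? []);
    }
    return $merged;
}

// Reads the field only from the source the form actually uses, then validates it.
function read_quantity(array $post): ?int
{
    if (!isset($post['quantity']) || !is_string($post['quantity'])) {
        return null; // absent from the POST body, or an array was sent: reject
    }
    $value = filter_var($post['quantity'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    return $value === false ? null : $value;
}

// Constructed sample request: the form posts quantity=2, while the same key
// also arrives in the query string and in a cookie.
$get    = ['quantity' => '9999'];
$post   = ['quantity' => '2'];
$cookie = ['quantity' => '-5'];

// The value the handler sees through $_REQUEST changes with the configured order.
foreach (['GP', 'PG', 'GPC'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("request_order=%-3s  \$_REQUEST['quantity'] = %s\n", $order, $request['quantity']);
}

// Empty POST body: $_REQUEST silently falls back to the query-string value.
$fallback = build_request('GP', $get, [], $cookie);
printf("empty POST body    \$_REQUEST['quantity'] = %s\n", $fallback['quantity']);

// Explicit source plus validation: accepted, missing, and out-of-range input.
var_dump(read_quantity($post));
var_dump(read_quantity([]));
var_dump(read_quantity(['quantity' => '9999']));
```

In a real handler the `$post` argument would be `$_POST` (or `filter_input(INPUT_POST, ...)` would replace the lookup); the range of 1 to 100 is an assumed business rule.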