[pLog-svn] Re: AdminLoginAction

soosa soosa soosas at gmail.com
Wed Mar 22 12:48:20 GMT 2006


There's a rule in the PHP world that says: "TRY ALWAYS TO HIDE YOUR DATA AS MUCH
AS POSSIBLE!!!" Actually, it's not a matter of disallowing the user to
see his data moving from place to place using the HTTP request; hiding the
posted data in the body of the HTTP request is just much more secure than
sending it in the header of the HTTP request. You know what, I really cannot
remember the last time that I used the $_GET superglobal array!!! It doesn't
make sense to use it, because you are simply giving everybody the ability to
"SEE" what you are posting, and even if the data is really not that important,
it should still be considered something precious that needs to be secured.
$_POST is just "and might be the only!!" way to forward your data and let
it swim from sea to sea with less worrying :-)

God Save Open Source ;-)

soosa


On 3/22/06, Jon Daley <plogworld at jon.limedaley.com> wrote:
>
> On Tue, 21 Mar 2006, Jesse Peterson wrote:
> >> It doesn't matter, does it? There can't be both of them in the same
> >> request :-)
> >
> > Sure there can.  You can send an HTTP POST to a URL like:
> > http://example.com/example.php?myparam=value.  In raw PHP you grab the
> > URL param from $_GET and the POST param from $_POST.
> >
> > Unless I'm completely wrong - which wouldn't surprise me :).
>
>         You (Jesse) are correct.  When I code stuff I put the POST in
> higher precedence above the GET, because POSTs are a little harder to
> hack.
>         Here is a function I use all the time, and then never access $_GET
> or $_SERVER, etc. directly.
>
>
> function getHttpVar($type, $name, $default){
>      if($type == "GET"){
>          if(isset($_GET[$name])){
>              return jd_escape_string($_GET[$name]);
>          }
>      }
>      else if($type == "POST"){
>          if(isset($_POST[$name]))
>              return jd_escape_string($_POST[$name]);
>      }
>      else if($type == "EITHER"){
>          if(isset($_POST[$name])){
>              return jd_escape_string($_POST[$name]);
>          }
>          else if(isset($_GET[$name])){
>              return jd_escape_string($_GET[$name]);
>          }
>      }
>      return $default;
> }
>
>
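
Added example, not part of the original thread or of the project's code: the thread notes that one request can carry both a query string and a POST body, so a login-style action can read credentials strictly from the body and refuse them in the URL. The function name `readLoginParams` and the field names `userName` and `userPassword` are hypothetical, and the request arrays are constructed stand-ins for `$_SERVER`, `$_GET` and `$_POST`.

```php
<?php
/**
 * Return login credentials only when they arrive in the POST body.
 * $server, $get and $post stand in for $_SERVER, $_GET and $_POST so the
 * function can be exercised from the CLI with constructed input.
 * Field names are hypothetical.
 */
function readLoginParams(array $server, array $get, array $post): ?array
{
    $fields = ['userName', 'userPassword'];

    // Only the POST method may carry credentials.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return null;
    }
    foreach ($fields as $f) {
        // A POST can still carry a query string; a credential placed there
        // ends up in access logs, browser history and Referer headers.
        if (array_key_exists($f, $get)) {
            return null;
        }
        // Require a non-empty scalar string (rejects userName[]=x arrays).
        if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
            return null;
        }
    }
    // The body is not encrypted by being a body; transport protection
    // (TLS) is a separate concern from where the parameter is read.
    return ['userName' => $post['userName'], 'userPassword' => $post['userPassword']];
}

// Constructed request: POST /admin.php?op=Login with a form body.
$ok = readLoginParams(['REQUEST_METHOD' => 'POST'], ['op' => 'Login'],
    ['userName' => 'alice', 'userPassword' => 's3cret']);
// Same body, but the password was also put in the URL.
$mixed = readLoginParams(['REQUEST_METHOD' => 'POST'], ['userPassword' => 's3cret'],
    ['userName' => 'alice', 'userPassword' => 's3cret']);
// Credentials sent with GET only.
$viaGet = readLoginParams(['REQUEST_METHOD' => 'GET'],
    ['userName' => 'alice', 'userPassword' => 's3cret'], []);

var_dump($ok !== null, $mixed === null, $viaGet === null);
```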