[pLog-svn] Re: AdminLoginAction

soosa soosa soosas at gmail.com
Wed Mar 22 12:49:59 GMT 2006


From the bottom of my heart, thank you guys for this wonderful community,
really thanks a lot boys ;P

On 3/22/06, soosa soosa <soosas at gmail.com> wrote:
>
> There's a rule in the PHP world that says: "TRY ALWAYS TO HIDE YOUR DATA AS
> MUCH AS POSSIBLE !!!", actually it's not the matter of disallowing the user
> to see his data moving from place to place using the http request, hiding
> the posted data in the body of the http is just much more secure than
> sending them in the header of the http, you know what, I really cannot
> remember the last time that I have used the $_GET super global array !!!, it
> doesn't make sense to use it because simply you are giving everybody the
> ability to "SEE" what you are posting, and even if the data was really not
> that important it still should be considered something precious and needs to
> be secured, $_POST is just "and might be the only !!" way to use to forward
> your data and let it swim from sea to sea with less worrying :-)
>
> God Save Open Source ;-)
>
> soosa
>
>
>
> On 3/22/06, Jon Daley <plogworld at jon.limedaley.com> wrote:
> >
> > On Tue, 21 Mar 2006, Jesse Peterson wrote:
> > >> It doesn't matter, does it? There can't be both of them in the same
> > >> request :-)
> > >
> > > Sure there can.  You can send an HTTP POST to a URL like:
> > > http://example.com/example.php?myparam=value.  In raw PHP you grab the
> > > URL param from $_GET and the POST param from $_POST.
> > >
> > > Unless I'm completely wrong - which wouldn't surprise me :).
> >
> >         You (Jesse) are correct.  When I code stuff I put the POST in
> > higher precedence above the GET, because POSTs are a little harder to
> > hack.
> >         Here is a function I use all the time, and then never access
> > $_GET or $_SERVER, etc. directly.
> >
> >
> > function getHttpVar($type, $name, $default){
> >      if($type == "GET"){
> >          if(isset($_GET[$name])){
> >              return jd_escape_string($_GET[$name]);
> >          }
> >      }
> >      else if($type == "POST"){
> >          if(isset($_POST[$name]))
> >              return jd_escape_string($_POST[$name]);
> >      }
> >      else if($type == "EITHER"){
> >          if(isset($_POST[$name])){
> >              return jd_escape_string($_POST[$name]);
> >          }
> >          else if(isset($_GET[$name])){
> >              return jd_escape_string($_GET[$name]);
> >          }
> >      }
> >      return $default;
> > }
> >
>
>
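
The case discussed in this thread, a POST to a URL that also carries a query string, as an added example (not code from the list or from pLog). `resolveHttpVar`, its return shape and the sample request are assumptions made for illustration; it takes the two arrays as arguments so it runs offline, leaves escaping to the caller, and rejects an unknown type instead of returning the default.

```php
<?php
// Added example: function name, return shape and sample data are constructed.

/**
 * Resolve one request parameter from an explicitly named source.
 * $get / $post stand in for $_GET / $_POST.
 * Returns [value, source, conflict]; conflict is true when the query string
 * and the body both carry $name with different values.
 * Escaping (jd_escape_string in the posted function) is left to the caller.
 */
function resolveHttpVar(string $type, string $name, $default, array $get, array $post): array
{
    $inGet    = array_key_exists($name, $get);
    $inPost   = array_key_exists($name, $post);
    $conflict = $inGet && $inPost && $get[$name] !== $post[$name];

    switch ($type) {
        case 'GET':
            return $inGet ? [$get[$name], 'GET', $conflict] : [$default, 'default', $conflict];
        case 'POST':
            return $inPost ? [$post[$name], 'POST', $conflict] : [$default, 'default', $conflict];
        case 'EITHER':
            // Same precedence as the posted function: body first, then query string.
            if ($inPost) {
                return [$post[$name], 'POST', $conflict];
            }
            if ($inGet) {
                return [$get[$name], 'GET', $conflict];
            }
            return [$default, 'default', false];
        default:
            throw new InvalidArgumentException("unknown source type: $type");
    }
}

// Constructed request: POST /example.php?myparam=value
// with body "myparam=other&user=jon".
parse_str('myparam=value', $get);
parse_str('myparam=other&user=jon', $post);

$lookups = [['EITHER', 'myparam'], ['GET', 'myparam'], ['POST', 'user'], ['EITHER', 'missing']];
foreach ($lookups as [$type, $name]) {
    [$value, $source, $conflict] = resolveHttpVar($type, $name, null, $get, $post);
    printf("%-6s %-8s => %-8s from %-7s%s\n", $type, $name, var_export($value, true),
        $source, $conflict ? ' [query string and body disagree]' : '');
}
```

The conflict flag gives a handler something to log or reject on when the same name arrives in both places, rather than silently taking one of the two values.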