NYCPHP Meetup

NYPHP.org

[nycphp-talk] Manipulating $_REQUEST Directly

Chris Shiflett shiflett at php.net
Tue Jul 17 11:07:13 EDT 2007


As a side note to this discussion, using $_REQUEST is a poor practice.
For one, it makes it practically impossible to adhere to the HTTP
specification:

"In particular, the convention has been established that the GET and
HEAD methods SHOULD NOT have the significance of taking an action other
than retrieval. These methods ought to be considered "safe". This allows
user agents to represent other methods, such as POST, PUT and DELETE, in
a special way, so that the user is made aware of the fact that a
possibly unsafe action is being requested."

If you're not distinguishing between GET and POST, you can't adhere to
this recommendation. This can lead to numerous problems:

http://shiflett.org/blog/2006/dec/google-web-accelerator-debate

Hope that helps.

Chris

-- 
Chris Shiflett
http://shiflett.org/



More information about the talk mailing list