[nycphp-talk] $_REQUEST: Bad Form?
David Krings
ramons at gmx.net
Sat Oct 13 12:48:22 EDT 2007
Kenneth Downs wrote:
> Brian D. wrote:
>> I can't find where I read it originally, but somewhere I've been told
>> or read that "using $_REQUEST is bad form." I understand that in cases
>> where you want to force a $_POST request, but if you might receive
>> $_GET or $_POST then isn't is better than doing if/elses?
>>
>
> Others have already pointed out that for reliability sake, $_POST and
> $_GET give you direct access to user supplied data before some other
> process has interfered with it.
>
> Originally GET and POST were intended for different purposes. The one
> to "get" data from the server and the other to "post" data to the
> server. In real life this means that a GET querystring is limited,
> depending on the browser, to about 2000-8000 bytes. A POST query on the
> other hand is expected to upload files, possibly post large text fields
> and so forth and so the size of a POST is allowed to be much more than a
> GET.
>
> But if you take large uploads out of the picture, the simple fact is
> that a GET and POST are functionally identical once the PHP script is
> executing. Each arrives as an associative array. If you treat them
> differently then you are doing so out of respect for conventions that
> have no direct impact on your program. In cases like this I go back
> and forth. I will do whatever produces the most reliable code, even if
> it defies convention, but if there is nothing to be gained by defying
> convention I will try to go along so as to avoid all the free advice you
> get from the code police.
One difference not pointed out is that GET is usually transmitted in plain
sight via URL, whereas POST is not. That hasn't anything to do with what
happens on the server side. I generally dislike GET just for that reason, but
sometimes it comes in handy.
David
More information about the talk
mailing list