So, I've been coding for a little (2 years), and I have a very subjective question:
Is it wrong to use $_REQUEST for Data?
This mainly pertains to authentication by the way.
If you think about the 3 ways data can occur in $_REQUEST
, it can come from either a cookie, a form, or a query string. Now, I know that most people directly grab the information from either $_POST
or $_GET
, using $_COOKIE
only when they are expecting a cookie.
My theory is that in reality, there shouldn't be any difference in this data, and it shouldn't make any difference if you replaced $_POST
or $_GET
with $_REQUEST
.
If you are authenticating a user into the system, does it really mattered if the authentication details are contained in the $_POST
or $_GET
array? Heck, it probably shouldn't matter if they are in $_COOKIE
either. They are still giving you credentials to log into the site, which you should check for correctness, and if so log them in.
Now, I do realize there are security issues if you try to have a login form that submits data via a query string, but I don't believe that pertains to the question. Also, if someone fails a login too many times, there should be proper limits set in place to avoid overloading the server.
I'd like to here the opinion about this.
Community Wiki'd for good measure.
Oh, and just by the way, here are other StackOverflow questions that relate if you have other questions about $_REQUEST
Why should I use $_GET and $_POST instead of $_REQUEST? When and why should $_REQUEST be used instead of $_GET / $_POST / $_COOKIE?