$_POST versus $_GET
Posted: Mon Sep 26, 2005 9:01 am
Is there a difference between $_POST and $_GET?
In general and if I use them on pagination.
In general and if I use them on pagination.
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Don't use $_REQUEST. Security Holes.CoderGoblin wrote:To access either in PHP use $_REQUEST..
How is that? Anybody can put anything they want in any $_REQUEST var - $_COOKIE, $_POST, or $_GET. Just because it's not $_GET doesn't make it more secure...pilau wrote:Don't use $_REQUEST. Security Holes.CoderGoblin wrote:To access either in PHP use $_REQUEST..
RFC 2616 wrote: In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.