These are the points that stood out for me...
Andre D wrote:...So avoiding $_REQUEST doesn't necessarily make your site more secure, but by explicitly checking for data in the appropriate $_POST and $_GET arrays, you can be more confident that your visitors are using your web application within the operating parameters that you define.
Chris Shiflett wrote:...Using $_REQUEST unnecessarily increases your risk...
Chris Shiflett wrote:...convenience typically increases risk...
Also mentioned in Chris Shiflett's article was to use a hidden form field with a random token to help prevent against CSRF attacks and give this token an expiry time - great idea!
So I still stand by what I said, I dont recommend using REQUESTs it is sloppy!
