Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I know $_REQUEST is bad because it contains cookie data as well.
Is it still bad to use $_REQUEST if we use some sort of clean function to it? Would someone be able to elaborate?
$_REQUESTis not specifically dangerous. Any user input can be an attack and should be treated as such. For any input medium$_GET,$_POST,$_COOKIE, use an appropriate methodintval(),preg_match(), … to verify that the value you receive is something you expect.For example if you expect a file name and intend to send it to the user, make sure it does not contain
..or/so the user won’t be able to access your filesystem.If you want to insert a user generated value in a database, make sure you are escaping your values, using the old
mysql_real_escape_string, or better PDO or mysqli prepared statements.