At 8:52 AM -0300 6/17/06, Martin Marques wrote:
>Yesterday when reading some doc on PHP I noticed the $_REQUEST predefined 
>array, which looked like a solution to having to check in GET and POST data 
>(I'm not sure if it will really have an impact on my program yet).
>
>The thing is, I also saw this description:
>
>Variables provided to the script via the GET, POST, and COOKIE input 
>mechanisms, and which therefore cannot be trusted.
>
>Now, why shouldn't it be trusted?

Martin:

Lots of reasons why you shouldn't trust user input.

The best book I've read covering the subject has been:

Essential PHP Security (Paperback)
by Chris Shiflett

<http://www.amazon.com/gp/product/059600656X/sr=8-1/qid=1150552179/ref=pd_bbs_1/102-6441978-4633725?%5Fencoding=UTF8>

In my opinion, it's a "must read" if you care about security.

tedd

PS: The author also attends this list
-- 
------------------------------------------------------------------------------------
http://sperling.com  http://ancientstones.com  http://earthstones.com
