Does PHP’s $_REQUEST method have a security problem?

by

I would say that it is dangerous to characterise $_POST as more secure than $_REQUEST.

If the data is not being validated and sanitized before being used, you have a possible vector of attack.

In short:
It doesn’t matter where the data comes from if it is not being handled in a secure manner.

More Related Contents:

  1. How can I prevent SQL injection in PHP?
  2. SQL injection that gets around mysql_real_escape_string()
  3. Secure hash and salt for PHP passwords
  4. Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
  5. When should I use prepared statements?
  6. PHP Session Fixation / Hijacking
  7. “Keep Me Logged In” – the best approach
  8. How do I use password hashing with PDO to make my code more secure? [closed]
  9. How to properly add cross-site request forgery (CSRF) token using PHP
  10. Examples of SQL Injections through addslashes()?
  11. PHP: Is mysql_real_escape_string sufficient for cleaning user input?
  12. Generating a random password in php
  13. Preventing session hijacking
  14. PHP image upload security check list
  15. Stop people uploading malicious PHP files via forms
  16. “slash before every quote” problem [duplicate]
  17. Many hash iterations: append salt every time?
  18. PHP: How To Disable Dangerous Functions
  19. How to prevent multiple logins in PHP website
  20. a better approach than storing mysql password in plain text in config file?
  21. What security issues should I look out for in PHP
  22. Detecting Ajax in PHP and making sure request was from my own website
  23. What does mysql_real_escape_string() do that addslashes() doesn’t?
  24. Generate cryptographically secure random numbers in php
  25. Use of Initialization Vector in openssl_encrypt
  26. Session timeouts in PHP: best practices
  27. Secure User Image Upload Capabilities in PHP
  28. Best way to connect to MySQL with PHP securely [duplicate]
  29. Safe alternatives to PHP Globals (Good Coding Practices)
  30. Single Session Login in Laravel

Leave a Comment