问题描述
所以,我一直在编码一点点(2年),我有一个非常主观的问题:
So, I've been coding for a little (2 years), and I have a very subjective question:
这是错误的使用$ _REQUEST的数据?
Is it wrong to use $_REQUEST for Data?
这主要是由道路属于认证。
This mainly pertains to authentication by the way.
如果您认为对3种方式的数据可以出现在 $ _ REQUEST ,它可以来自一个cookie,窗体或查询字符串。现在,我知道大多数人直接抢无论从 $ _ POST 或 $ _ GET ,使用<$ C $信息C> $ _ COOKIE ,只有当他们正期待一个cookie。
If you think about the 3 ways data can occur in $_REQUEST, it can come from either a cookie, a form, or a query string. Now, I know that most people directly grab the information from either $_POST or $_GET, using $_COOKIE only when they are expecting a cookie.
我的理论是,在现实中,不应该有这个数据的任何区别,它不应该作出任何区别,如果你更换 $ _ POST 或 $ _ GET 与 $ _ REQUEST 。
My theory is that in reality, there shouldn't be any difference in this data, and it shouldn't make any difference if you replaced $_POST or $_GET with $_REQUEST.
如果你正在验证用户进入系统,的确,如果验证信息包含在 $ _ POST 或 $ _ GET 数组?哎呀,这或许不应该,如果他们在 $ _ COOKIE 要么无所谓。他们仍然给你的凭据登录到网站,您应该检查是否正确,如果是登录他们进来。
If you are authenticating a user into the system, does it really mattered if the authentication details are contained in the $_POST or $_GET array? Heck, it probably shouldn't matter if they are in $_COOKIE either. They are still giving you credentials to log into the site, which you should check for correctness, and if so log them in.
现在,我不知道有安全问题,如果你希望拥有通过查询字符串提交数据的登录表单,但我不相信,涉及到的问题。另外,如果有人失败登录次数过多,应到位,以避免过载服务器设置适当的限制。
Now, I do realize there are security issues if you try to have a login form that submits data via a query string, but I don't believe that pertains to the question. Also, if someone fails a login too many times, there should be proper limits set in place to avoid overloading the server.
我想在这里对这个意见。
I'd like to here the opinion about this.
社区Wiki'd的好办法。
Community Wiki'd for good measure.
哦,只是顺便说说,这里有关联,如果你有关于 $其他问题StackOverflow的其他问题_ REQUEST
Oh, and just by the way, here are other StackOverflow questions that relate if you have other questions about $_REQUEST
http://stackoverflow.com/questions/368329/php-using-get-post-instead-of-request
http://stackoverflow.com/questions/107683/when-and-why-should-request-be-used-instead-of-get-post-cookie
推荐答案
在好的编码习惯,你想的歧义尽可能的。
In "good" coding practice, you want to disambiguate as much as possible.
由于$ _REQUEST包含_POST,$ _ GET,默认情况下$ _COOKIE中的数据,通过存储使用$ _REQUEST检索到的数据将是不明确的,以它来自哪个方法变量中的值。
Since $_REQUEST contains the data from $_POST, $_GET, and $_COOKIE by default, the value held by the variable that stores the data retrieved using $_REQUEST will be ambiguous as to which method it came from.
如果我们更具体地,它将受益$ C $的c可读性,以及逻辑的理解,并有助于在未来的调试。
If we are more specific, it will benefit readability of code, as well as understanding of logic, and helps for debugging in the future.
(更别说关于每种方法的安全性问题,尤其是$ _GET一个)
(Let alone the security issues concerning each method, especially the $_GET one)
这篇关于这是错误的使用$ _REQUEST的数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!