
Why is it bad to pass password values/important info using the $_GET['value'] PHP function?

Developer https://www.devze.com 2023-02-19 16:46 Source: Internet

Which is better to use with sensitive information, $_REQUEST or $_POST? I'm trying to do this as securely as possible. Could anyone see the value with either function?


If you are not using SSL, then anyone will be able to read EITHER of those with ease. If you want to send information securely, you need to consider a secure transport such as SSL / https://


Passing it through $_GET basically means sending it as part of the URL.

However, neither $_REQUEST nor $_POST are as secure. Encrypt your data before sending, and be sure to salt your passwords.


It's recommended to use POST because it prevents bookmarking the URL with the password in it or leaving the browser session open.

As with all security, it's just a layer - even using POST you could still examine the request with an HTTP proxy such as Fiddler or look in Firebug. If you want real security you should use SSL also.


As well as the points others have mentioned, using GET will mean the password will show up in log files, which isn't very secure, e.g.

GET http://example.com/login/process?email=tom@jones.com&password=its_not_unusual

Your best bet is to POST with SSL.
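
The log-file exposure described in the answer above, as an added example that is not part of the original answers: a Python scan of access-log lines that flags requests carrying a credential in the query string and produces a redacted copy of each. The log entries, the parameter-name list and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list of secret-bearing parameter names; extend it for your application.
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret"}

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation IPs, URL taken from the answer above).
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Feb/2023:16:46:01 +0000] "GET /login/process?email=tom@jones.com&password=its_not_unusual HTTP/1.1" 200 512',
    '203.0.113.7 - - [19/Feb/2023:16:46:09 +0000] "POST /login/process HTTP/1.1" 302 0',
    '203.0.113.9 - - [19/Feb/2023:16:47:30 +0000] "GET /search?q=password+reset HTTP/1.1" 200 2048',
]

def redact_target(target):
    """Return (redacted_target, names_of_sensitive_params_found)."""
    parts = urlsplit(target)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:  # match on the parameter name, not its value
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return target, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scan_log(lines):
    """Return (line_no, method, leaked_params, redacted_line) for each leaking entry."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line this pattern understands
        target = match.group("target")
        redacted, found = redact_target(target)
        if found:
            hits.append((line_no, match.group("method"), found,
                         line.replace(target, redacted)))
    return hits

if __name__ == "__main__":
    for line_no, method, params, redacted_line in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {method} leaks {params}\n  {redacted_line}")
```

The POST entry is not flagged because its body never reaches the access log, and the search entry is not flagged because only parameter names are matched.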


It is generally bad to pass important information using the query string as it is very easy for a user to modify the variables passed. POST variables are not so easy to tamper with.

I have seen a website where SQL statements were passed through the URL, and another where PHP commands were passed and then executed with exec(); this is stupid beyond belief.


$_REQUEST returns the $_POST and the $_GET as well as the $_COOKIE variables. Sending passwords this way is not a good idea. Try checking the passwords in your PHP and adding the active user to your $_SESSION.


Those are not functions used to pass something, but rather arrays used to access passed data.

POST method should be used and $_POST array to access posted data,
