For my framework, i want to empty/disable REQUEST array for security reasons and users should only use proper arrays such as POST, GET or COOKIE. But i don't know how to do it. Eve开发者_JAVA技巧n something like below doesn't seem to work, it empties even GET POST, etc.
$temp_get = $_GET;
$temp_post = $_POST;
$temp_cookie = $_COOKIE;
// empty request array
$_REQUEST = array();
$_GET = $temp_get;
$_POST = $temp_post;
$_COOKIE = $temp_cookie;
Try doing
unset($_REQUEST);
The right thing to do here is to replace all those functions/variables using $_REQUEST with their correct method. Stick to conventions, GET to pull, POST to insert data, and don't forget $_COOKIE.
If you do not take input from $_REQUEST you will save yourself a lot of trouble. To always be safe just remember to escape any kind of input that might be tampered (_GET,POST,_COOKIE, and don't forget some of those nasty _SERVER variables).
Would a solution like this work?
<?php
class Request
{
public static $get, $post, $cookie;
public function __construct()
{
self::$get = $_GET;
self::$post = $_POST;
self::$cookie = $_COOKIE;
}
}
new Request();
$_REQUEST = array();
print_r(Request::$get);
You can test it by going to test.php?a=b&c=d
Could you loop through $_GET, $_POST and $_COOKIE, saving their data, then clearing $_REQUEST?
$tget = array();
foreach($_GET as $k=>$v)
{
$tget[$k] = $v;
}
$tpost = array();
foreach($_POST as $k=>$v)
{
$tpost[$k] = $v;
}
$tcookie = array();
foreach($_COOKIE as $k=>$v)
{
$tcookie[$k] = $v;
}
unset($_REQUEST);
$_GET = $tget;
$_POST = $tpost;
$_COOKIE = $tcookie;
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论