Does PHP's $_REQUEST method have a security problem?

Question

The textbook I read says that $_REQUEST has security problem so we better use $_POST.

Is this OK?

Answer 1

@Christian:

When talking about some of them being more dangerous than others I would indeed separate $_GET and $_REQUEST (as it includes $_GET) out from $_POST, as it is slightly harder to generate, i.e. manipulate, a POST request than a GET request. The emphasis here is slightly, but using POST for sensitive operations at least removes another layer of low hanging fruits to exploit.

Bzzt. Sorry, but this just ain't true.

Anybody who understands the difference between GET and POST or how unsanitized inputs might be exploitable, won't hesitate for a second to fire up Tamper Data.

Some people have it right here: there is NO security lost or gained by using $_REQUEST in a well-designed system.