How evil is $_REQUEST and what are some acceptable Band-Aid countermeasures?

Question

I\'ve come across a couple of popular PHP-related answers recently that suggested using the superglobal $_REQUEST, which I think of as code smell, because it re

Answer 1

Just treat it as it is: a method to get data from the user. It has to be sanitised and validated, so why should you care if it came in the form of a POST, a GET or a cookie? They all come from the user, so saying 'they can be spoofed!' is superfluous.