Hi
On Wed, 07 Dec 2005 10:38:19 +0100 Sebastian Mendel lists@sebastianmendel.de wrote:
Michal Čihař schrieb:
Basically there is need for some function to grab required parameters from request and clean up GLOBALS array in case of register_globals is on.
cleanup is already done in grab_globals
Yes I know, but we want to drop it ;-).
// ifsetor() ;-) function checkRequest($name, $default = null) { if ( isset( $_REQUEST[$name] ) ) { return $_REQUEST[$name]; }
return $default;}
i think in most cases PMA should use $_REQUEST directly and use one of the above function only to set default values
using of $_REQUEST makes it more clear where this variable came from, reminding the developer always to take care with this variables!
I also suggested that, however I got convinced that grabbing variables is better way. Now I can not find reason for that :-).
and i think its not good to always 'clean' variables
what will you clean of? you can not decide what users inserts into her database or they name her tables and fields
you just have to take care to escape the input correctly before inserting or displaying - but not cleaning!
Clean was also meant for type checking - if you want int, you will get int and no some evil text.
and if the variable is a choice of options you have to check against the original choices (in_array or array_key_exists)
You're right.