Hi
On Wed, 07 Dec 2005 10:38:19 +0100
Sebastian Mendel <lists(a)sebastianmendel.de> wrote:
> Michal Čihař wrote:
> > Basically there is a need for some function to grab required parameters
> > from the request and clean up the GLOBALS array in case register_globals
> > is on.
>
> cleanup is already done in grab_globals

Yes I know, but we want to drop it ;-).

> // ifsetor() ;-)
> // Return the named request parameter, or $default when it is not set.
> function checkRequest($name, $default = null)
> {
>     if (isset($_REQUEST[$name])) {
>         return $_REQUEST[$name];
>     }
>     return $default;
> }
>
> I think in most cases PMA should use $_REQUEST directly and use one of
> the above functions only to set default values
>
> using $_REQUEST makes it more clear where this variable came from,
> reminding the developer always to take care with these variables!

I also suggested that, however I got convinced that grabbing variables
is a better way. Now I cannot find the reason for that :-).

> and I think it's not good to always 'clean' variables
>
> what will you clean? you cannot decide what users insert into their
> database or how they name their tables and fields
>
> you just have to take care to escape the input correctly before
> inserting or displaying - but not cleaning!

Clean was also meant for type checking - if you want int, you will get
int and not some evil text.

> and if the variable is a choice of options you have to check against the
> original choices (in_array or array_key_exists)

You're right.
--
Michal Čihař |
http://cihar.com
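
The handling this exchange converges on (a default for missing parameters, type checking where an int is expected, checking options against the original choices, and escaping rather than cleaning free-form values), as an added example that is not part of the original message or of phpMyAdmin's code. The helper names requestInt() and requestChoice() and the sample request array are assumptions made for illustration.

```php
<?php
// Added example. requestInt() and requestChoice() are hypothetical helpers,
// not functions from phpMyAdmin.

/** Return $source[$name] as an int within [$min, $max], otherwise $default. */
function requestInt(array $source, string $name, ?int $default = null,
                    int $min = PHP_INT_MIN, int $max = PHP_INT_MAX): ?int
{
    // Missing values and arrays (e.g. ?pos[]=1) both fall back to the default.
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return $default;
    }
    $value = filter_var($source[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? $default : $value;
}

/** Return $source[$name] only if it is one of $choices, otherwise $default. */
function requestChoice(array $source, string $name, array $choices,
                       ?string $default = null): ?string
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return $default;
    }
    // Strict in_array(): no type juggling between the input and the choices.
    return in_array($source[$name], $choices, true) ? $source[$name] : $default;
}

// Constructed sample input standing in for $_REQUEST.
$request = [
    'pos'   => 'not-a-number',        // wrong type: the default is used
    'limit' => '25',                  // valid integer inside the range
    'order' => 'DESC',                // one of the original choices
    'sort'  => 'created',             // not among the choices: default is used
    'table' => "user's <b>data</b>",  // free-form name: escaped, not cleaned
];

var_dump(requestInt($request, 'pos', 0, 0));
var_dump(requestInt($request, 'limit', 30, 1, 500));
var_dump(requestChoice($request, 'order', ['ASC', 'DESC'], 'ASC'));
var_dump(requestChoice($request, 'sort', ['id', 'name'], 'id'));

// Escape for the context the value is used in (HTML output here).
echo htmlspecialchars($request['table'], ENT_QUOTES, 'UTF-8'), "\n";
```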