[Phpmyadmin-devel] Re: Removing of grab_globals
Michal Čihař
michal at cihar.com
Wed Dec 7 02:13:02 CET 2005
Hi
On Wed, 07 Dec 2005 10:38:19 +0100
Sebastian Mendel <lists at sebastianmendel.de> wrote:
> Michal Čihař wrote:
> > Basically there is a need for some function to grab required parameters
> > from the request and clean up the GLOBALS array in case register_globals is
> > on.
>
> cleanup is already done in grab_globals
Yes I know, but we want to drop it ;-).
> // ifsetor() ;-)
> function checkRequest($name, $default = null)
> {
>     if ( isset( $_REQUEST[$name] ) ) {
>         return $_REQUEST[$name];
>     }
>
>     return $default;
> }
>
> I think in most cases PMA should use $_REQUEST directly and use one of
> the above functions only to set default values
>
> using $_REQUEST makes it more clear where this variable came from,
> reminding the developer always to take care with these variables!
I also suggested that, however I got convinced that grabbing variables
is a better way. Now I cannot find a reason for that :-).
> and I think it's not good to always 'clean' variables
>
> what will you clean? you cannot decide what users insert into their
> database or what they name their tables and fields
>
> you just have to take care to escape the input correctly before
> inserting or displaying - but not cleaning!
Clean was also meant for type checking - if you want an int, you will get
an int and not some evil text.
> and if the variable is a choice of options you have to check against the
> original choices (in_array or array_key_exists)
You're right.
--
Michal Čihař | http://cihar.com
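
The three points agreed on in this thread (default values, integer type checking, and validating a choice against its original options), as an added example that is not part of the original message or of phpMyAdmin's code. The function names, parameter names and sample request are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added illustration; every name here is hypothetical, not phpMyAdmin's API.

/** Return $source[$name] if set, else $default (the checkRequest() idea). */
function requestValue(array $source, string $name, $default = null)
{
    return isset($source[$name]) ? $source[$name] : $default;
}

/** Return an int within [$min, $max]; anything else yields $default. */
function requestInt(array $source, string $name, int $default,
                    int $min = PHP_INT_MIN, int $max = PHP_INT_MAX): int
{
    $raw = requestValue($source, $name);
    if (!is_string($raw) && !is_int($raw)) {
        return $default; // missing, or an array such as ?pos[]=1
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? $default : $value;
}

/** Return the value only if it is one of the original choices. */
function requestChoice(array $source, string $name, array $choices,
                       string $default): string
{
    $raw = requestValue($source, $name);
    // Strict comparison, so "0" or an array cannot match by type juggling.
    return (is_string($raw) && in_array($raw, $choices, true)) ? $raw : $default;
}

// Constructed sample input standing in for $_REQUEST.
$request = [
    'pos'    => '30',
    'limit'  => '25; DROP TABLE x',
    'order'  => 'DESC',
    'format' => ['sql'],
    'table'  => '<b>my table</b>',
];

var_dump(requestInt($request, 'pos', 0, 0));                   // valid integer
var_dump(requestInt($request, 'limit', 50, 1, 500));           // falls back to default
var_dump(requestChoice($request, 'order', ['ASC', 'DESC'], 'ASC'));
var_dump(requestChoice($request, 'format', ['sql', 'csv'], 'sql'));

// Free-form names are not "cleaned"; they are escaped at the point of output.
echo htmlspecialchars(requestValue($request, 'table', ''), ENT_QUOTES, 'UTF-8'), "\n";
```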