[Phpmyadmin-devel] Re: Removing of grab_globals

Michal Čihař michal at cihar.com
Wed Dec 7 02:13:02 CET 2005


On Wed, 07 Dec 2005 10:38:19 +0100
Sebastian Mendel <lists at sebastianmendel.de> wrote:

> Michal Čihař schrieb:
> > Basically there is need for some function to grab required parameters
> > from request and clean up GLOBALS array in case of register_globals is
> > on.
> cleanup is already done in grab_globals

Yes I know, but we want to drop it ;-).

> // ifsetor() ;-)
> function checkRequest($name, $default = null)
> {
>      if ( isset( $_REQUEST[$name] ) ) {
>          return $_REQUEST[$name];
>      }
>      return $default;
> }
> i think in most cases PMA should use $_REQUEST directly and use one of 
> the above function only to set default values
> using of $_REQUEST makes it more clear where this variable came from, 
> reminding the developer always to take care with this variables!

I also suggested that, however I got convinced that grabbing variables
is better way. Now I can not find reason for that :-).

> and i think its not good to always 'clean' variables
> what will you clean of? you can not decide what users inserts into her 
> database or they name her tables and fields
> you just have to take care to escape the input correctly before 
> inserting or displaying - but not cleaning!

Clean was also meant for type checking - if you want int, you will get
int and no some evil text.

> and if the variable is a choice of options you have to check against the 
> original choices (in_array or array_key_exists)

You're right.

	Michal Čihař | http://cihar.com

More information about the Developers mailing list