Recipe 18.3. Ensuring Input Is Filtered
18.3.1. ProblemYou need to be sure that all input is filtered before being used. 18.3.2. SolutionInitialize an empty array in which to store filtered data. After you've proven that something is valid, store it in this array: <?php /* Initialize an array for filtered data. */ $clean = array(); /* Allow alphabetic names. */ if (ctype_alpha($_POST['name'])) { $clean['name'] = $_POST['name']; } else { /* Error */ } ?> 18.3.3. DiscussionBy using a strict naming convention, you can more easily keep up with what input has been filtered. Always initializing $clean to an empty array ensures that data cannot be injected into the array; you must explicitly add it. Once you adopt a technique such as the use of $clean, it is important that you only use data from this array in your business logic. 18.3.4. See AlsoRecipes Recipe 9.2 to 9.9 discuss form input validation for different types of data in detail. |
PHP Cookbook: Solutions and Examples for PHP Programmers
ISBN: 0596101015
EAN: 2147483647
EAN: 2147483647
Year: 2006
Pages: 445
Pages: 445
Authors: Adam Trachtenberg, David Sklar
- ERP System Acquisition: A Process Model and Results From an Austrian Survey
- The Second Wave ERP Market: An Australian Viewpoint
- Data Mining for Business Process Reengineering
- Intrinsic and Contextual Data Quality: The Effect of Media and Personal Involvement
- Relevance and Micro-Relevance for the Professional as Determinants of IT-Diffusion and IT-Use in Healthcare