On Mon, April 16, 2007 11:12 am, tedd wrote:
> I've been accused of that too, but what's your solution?

*MY* solution:
Don't use empty because its behaviour changed wrt "0" in various versions, so it's just gonna bite you in the butt like it did me. :-)

I generally do this basic algorithm:

#1
Use isset() to see what came "in" as inputs, to decide basic business logic for large-scale chunks of code
Also use specific values with == for simple if/else or switch setup here

#2
Within an isset() (and possibly == 'foo' block)
Check the validity of the data *WAY* more than just "empty"
  preg_match with a white-list pattern is good
  ctype for specific data is good
  checking with strlen() (possibly with trim() first) is good
  typecasting any data that should be of a certain type is good
  checking inputs against a static list of valid inputs is good

#3
Still within the block,
Prep input data for output formats as needed for this section:
  $foo_sql = mysql_real_escape_string($foo, $connection);
  $foo_html = htmlentities($foo);
  $foo_json = json_encode($foo);

Only after all that is done do I start actually doing fine-tuned business logic of the body of my code.

I may end up repeating the same large structure I had above, to decide what code to run, or maybe it will be a different structure, depending on what the script does.

But all my data is clean and prepped at this point, so I can just use it.

Within that code, if I'm writing an SQL query, I can just do:
  $query = "whatever SQL blah blah '$foo_sql' blah ";

If I'm going to echo out $foo, I can just do:
  echo "whatever blah blah $foo_html blah ";

I just tossed in JSON even though I've never used it in my life so far, but I presume it would be like:
  ?><script type="text/javascript">
  <!--
  var foo = <?php echo $foo_json?>;
  -->
  </script>
  <?php

I'm not claiming this is the best way ever, or will work for the next big thing with 50 developers, but it works well for my needs of simple maintainable scripts in a one-man shop.
YMMV
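The three steps described in the message above, as an added example that is not part of the original post: isset() gates each field, validation is stricter than an emptiness test, and a per-output copy is prepared before any business logic runs. The field names (qty, sort, name), the allowed sort values and the sample request are hypothetical, and the SQL copy is left out because it needs a live database connection.

```php
<?php
// Added example: the post's three steps, run on constructed input.
// Field names and allowed lists are hypothetical.

function clean_inputs(array $in): array
{
    $errors = [];
    $clean  = [];

    // Step 1: isset() decides whether the field arrived at all.
    // Step 2: validate far more strictly than "not empty".
    if (isset($in['qty']) && is_string($in['qty'])) {
        $qty = trim($in['qty']);
        // ctype_digit() accepts "0", which empty() would treat as missing.
        if (strlen($qty) > 0 && strlen($qty) <= 4 && ctype_digit($qty)) {
            $clean['qty'] = (int) $qty;   // typecast to the expected type
        } else {
            $errors[] = 'qty';
        }
    }

    if (isset($in['sort']) && is_string($in['sort'])) {
        // Static list of valid inputs, compared strictly.
        if (in_array($in['sort'], ['name', 'price', 'date'], true)) {
            $clean['sort'] = $in['sort'];
        } else {
            $errors[] = 'sort';
        }
    }

    if (isset($in['name']) && is_string($in['name'])) {
        // White-list pattern: letters, digits, space, apostrophe, hyphen.
        if (preg_match('/\A[A-Za-z0-9 \'-]{1,40}\z/', $in['name']) === 1) {
            // Step 3: prepare one copy per output format.
            $clean['name_html'] = htmlentities($in['name'], ENT_QUOTES, 'UTF-8');
            $clean['name_json'] = json_encode($in['name'],
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        } else {
            $errors[] = 'name';
        }
    }
    return [$clean, $errors];
}

// Constructed sample request: a valid "0", a rejected sort value, a name with a quote.
[$clean, $errors] = clean_inputs(['qty' => '0', 'sort' => 'price; DROP', 'name' => "O'Brien"]);
var_dump(empty('0'));      // empty() reports the string "0" as empty
var_dump($clean, $errors);
```

The JSON_HEX_* flags keep the encoded value safe to echo inside a script element, since characters such as < and > are emitted as \u escapes.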