Daniel Brown wrote:
On 8/9/07, Jim Lucas <lists@xxxxxxxxx> wrote:
What is complicated about
step1.php
<?php
$my_post_data = $_POST;
...
perhaps you want to have a clean data set
you can do this as you populate the $my_post_data
let me rename variable
<?php
//The session has to be started before $_SESSION can be written to.
session_start();
//This allows you to only have to clean the post data once.
//Then upon reuse in step2.php, you don't have to clean data a second time.
$clean_post_data = cleanup_input_data($_POST);
$_SESSION['_POST'] = $clean_post_data;
//You should never work with raw $_POST or $_GET data
//You should always clean first then use the data. Storing it in a different array,
//not back in the $_POST and/or $_GET arrays and overwriting the original data.
//... working with $clean_post_data ...
?>
$_SESSION['_POST'] = $clean_post_data;
?>
and
step2.php
<?php
$my_post_data = $_SESSION['_POST'];
this data is supposedly clean, some would say that it is best to assume that the data might be
tainted, but I have always assumed that nobody is actually going to modify the session data files
directly and inject harmful data into the session file itself.
But some would say, even re-clean the data that you pull from your sessions, because you never know
how someone might try and mess with you.
...
?>
Jim, perhaps I'm missing something that you're hinting at,
represented by the ellipsis, but why redefine the superglobal to a
transient variable prior to populating the session?
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
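
An added example, not part of the original messages: one possible body for the cleanup_input_data() placeholder used in the thread, built on PHP's filter_var_array(), with the same check repeated on the copy read back from the session. The field names and the $post and $session arrays are constructed stand-ins for a real form, $_POST and $_SESSION.

```php
<?php
// Added example; field names and sample values are assumptions.
function cleanup_input_data(array $raw): array
{
    // Allow-list: keys not named here never reach the result.
    $spec = [
        'username' => [
            'filter'  => FILTER_VALIDATE_REGEXP,
            'options' => ['regexp' => '/\A[A-Za-z0-9_]{3,32}\z/'],
        ],
        'email' => FILTER_VALIDATE_EMAIL,
        'age'   => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 0, 'max_range' => 150],
        ],
    ];
    $checked = filter_var_array($raw, $spec, true);
    if (!is_array($checked)) {
        return [];
    }
    // A failed filter yields false and a missing key yields null; drop both.
    return array_filter($checked, static function ($v) {
        return $v !== null && $v !== false;
    });
}

// Constructed request body standing in for $_POST.
$post = [
    'username' => 'jim_l',
    'email'    => 'not-an-address',
    'age'      => '34',
    'is_admin' => '1',   // not in the allow-list
];

// step1: validate once and store the result; the raw input stays untouched.
$session = ['_POST' => cleanup_input_data($post)];   // stand-in for $_SESSION

// step2: the validator is idempotent, so re-running it on the stored copy is cheap.
$clean_post_data = cleanup_input_data($session['_POST'] ?? []);
var_dump($clean_post_data);

// Validation is not output encoding: escape where the value is used.
echo htmlspecialchars($clean_post_data['username'] ?? '', ENT_QUOTES, 'UTF-8'), "\n";
```

With the sample input, the malformed email and the unlisted is_admin key are dropped and age comes back as an integer.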