On Jan 22, 2008 3:59 PM, Richard Lynch <ceo@xxxxxxxxx> wrote:
> On Mon, January 21, 2008 10:03 am, Nathan Nobbe wrote:
> > On Jan 21, 2008 10:19 AM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
> >
> >> I don't think making a single generic function to iterate over every
> >> value in the GET/POST arrays is a very good idea. Each field on a
> >> form can contain very different pieces of data that should be handled
> >> quite differently. I know you did point out that "this is just an
> >> example," but nonetheless your class is intended to iterate over
> >> everything with a generic solution.
> >
> > I think applying trim() to all input is appropriate.
>
> You're wrong. :-)

Fair enough; I thought about it after I said that and realized it wasn't the case. Too bad somebody had to go and call me out on it ;)

> There is at least one app where whitespace was significant.
>
> It might be for integration with some weird legacy system somewhere,
> but there it is.
>
> The sanitizing of any input data HAS to know what the data is supposed
> to look like, and should be as strict as possible.
>
> No single function can handle that without some kind of meta knowledge
> about the fields coming in from somewhere else.

If there is default behavior that only needs to be applied in most cases, then add a parameter to the function or an instance variable that indicates the default behavior should be overridden.

As I said earlier, I was not posting this class as a generic solution for all input filtration. It was mainly intended to demonstrate conversion of variables within an array to ones in the current symbol table using variable variables. Note this segment from the original question:

"..work by turning all key/value pairs for both get and post into variable names of the same name as the get/post key, and the variable values as the values from the post/get.."

I also had no knowledge of the extract() function, which basically does the same thing.
On another thread today somebody mentioned Inspekt; this looks like a pretty solid validation / sanitization system. http://code.google.com/p/inspekt/

I looked at a couple of the other filtration systems Eric recommended and appreciate him sharing.

-nathan
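As an added example (not code from this thread, from Nathan's class, or from Inspekt), the snippet below shows the two points the exchange turns on: what importing every request key into the symbol table with variable variables (or extract()) does to a trusted variable, and what Richard's "the sanitizer has to know what each field is supposed to look like" rule looks like as per-field rules, including one field where whitespace is significant and must not be trimmed. The field names, rules and the request array are constructed for illustration; the application-side `$isAdmin` variable is a hypothetical stand-in for any trusted state.

```php
<?php
// Added example, not from the mailing-list thread. All data below is constructed.
declare(strict_types=1);

// --- 1. What "turn every key into a variable" does to trusted state ---------
// Returns true if the trusted $isAdmin survived, false if the request clobbered it.
function demonstrateClobber(array $request): bool
{
    $isAdmin = false;            // hypothetical trusted value decided by the app
    foreach ($request as $key => $value) {
        $$key = $value;          // variable variables, the technique from the original class
    }
    // extract($request) behaves the same way by default; if it must be used,
    // EXTR_SKIP or EXTR_PREFIX_ALL keeps request keys from overwriting locals.
    return $isAdmin === false;
}

// --- 2. Per-field rules: each field knows what it should look like ----------
// A rule takes the raw string and returns the cleaned value, or null to reject.
function fieldRules(): array
{
    return [
        // Surrounding whitespace is never meaningful here, so trim, then whitelist.
        'username' => function (string $v): ?string {
            $v = trim($v);
            return preg_match('/^[a-z0-9_]{3,32}$/', $v) === 1 ? $v : null;
        },
        // Bounded integer; anything that is not a whole number in range is rejected.
        'quantity' => function (string $v): ?int {
            $n = filter_var($v, FILTER_VALIDATE_INT,
                ['options' => ['min_range' => 1, 'max_range' => 100]]);
            return $n === false ? null : $n;
        },
        // Whitespace IS significant: a password is length-checked but never altered.
        'password' => function (string $v): ?string {
            $len = strlen($v);
            return ($len >= 8 && $len <= 128) ? $v : null;
        },
    ];
}

/**
 * Validate only the fields we have rules for. Unknown keys are dropped rather
 * than imported, and any rejected or missing field is reported as an error.
 * Returns [cleaned-array, list-of-error-strings].
 */
function validateRequest(array $request, array $rules): array
{
    $clean  = [];
    $errors = [];
    foreach ($rules as $field => $rule) {
        if (!isset($request[$field]) || !is_string($request[$field])) {
            $errors[] = "$field: missing";
            continue;
        }
        $value = $rule($request[$field]);
        if ($value === null) {
            $errors[] = "$field: rejected";
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Constructed request: note the attacker-supplied isAdmin key, and a password
// with a leading space that a blanket trim() over $_POST would silently change.
$post = [
    'username' => '  alice ',
    'quantity' => '7',
    'password' => ' hunter2hunter2',
    'isAdmin'  => '1',
];

var_dump(demonstrateClobber($post));

[$clean, $errors] = validateRequest($post, fieldRules());
var_dump($clean);
var_dump($errors);
```

Run with `php example.php`. demonstrateClobber() reports that `$isAdmin` was overwritten, because the request key `isAdmin` becomes a local variable of that name. validateRequest() returns only the three known fields: the username trimmed and whitelisted, the quantity as an int, the password byte-for-byte unchanged, and no `isAdmin` at all. The "default behavior with an override" Nathan suggests maps onto this shape too: the per-field callable is the override, and a field with no rule is simply not accepted.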