[nycphp-talk] PHP Form Validation
Cliff Hirsch
cliff at pinestream.com
Thu Sep 1 12:44:42 EDT 2005
PHPBuilder just posted this article: PHP Form Validation System: An
Object-Oriented Approach
See: <http://www.phpbuilder.com/columns/weiner20050831.php3>
Besides the primary validation content, the article uses the following
example, which I often see:
<input type="text" name="email" value="<?=$_POST['email']?>" />
I often wonder (but not when I'm with my wife) what the pros and cons
are of using value= $_POST['something'] versus value = $fresh_variable.
First, can't $_POST['email'] create an error, since on first pass, the
'email' key would not exist?
Second, how do you set default values? You would be setting the Post
array, which changes the source of the value from a form post to a
program. Doesn't seem right to me.
Third, if you do want to "scrub" the input, that implies modifying
$_POST['something'], which is in direct conflict with Chris Shiflett's
$clean_array approach. Ok, so what's the harm in letting a user send
him/herself a potential <nastystuff> script -- still seems wrong to me.
Comments?
Cliff Hirsch
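
Added example, not part of the original message or the PHPBuilder article: one way to repopulate the field without writing to $_POST, covering the three points raised above (no notice on first load, defaults kept in program data, validated data in a separate $clean array) with escaping done at output. The helper names h, redisplay and clean_email, the default value and the sample submissions are assumptions made for the illustration.

```php
<?php
// Added example: helper names, defaults and sample input are hypothetical.

// Escape for an HTML attribute or text context at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Value to redisplay: the submitted string if there is one, else the default.
// Reads $post but never writes to it, and raises no notice on first load.
function redisplay(array $post, array $defaults, string $name): string
{
    $v = $post[$name] ?? $defaults[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Only validated data goes into $clean, which is what the program acts on.
function clean_email(array $post): array
{
    $clean = [];
    $email = trim(redisplay($post, [], 'email'));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $clean['email'] = $email;
    }
    return $clean;
}

$defaults = ['email' => 'you@example.com'];

// Constructed submissions: first page load, a markup-bearing value, a valid one.
$samples = [
    [],
    ['email' => '"><nastystuff>'],
    ['email' => 'cliff@example.com'],
];

foreach ($samples as $post) {
    $clean = clean_email($post);
    printf(
        "<input type=\"text\" name=\"email\" value=\"%s\" />  clean=%s\n",
        h(redisplay($post, $defaults, 'email')),
        json_encode($clean)
    );
}
```

The markup-bearing sample is echoed back as inert text inside the attribute and never reaches $clean, while $_POST itself is left exactly as it was received.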