NYCPHP Meetup

[David Krings]

Jakob Buchgraber wrote:
> Hey!
> 
> I was wondering how you handle the data from $_FILE, $_SERVER etc. in 
> your application. I mean, most of you probably use some framework that 
> implements the request object pattern in combination with the 
> intercepting filter pattern. So this makes unit testing easy and may 
> also improve the security of your application. So how do you handle e.g. 
> the data coming from $_FILE? Do yo just access them directly or is there 
> also some super cool solution? :D
> 
> Cheers,
> Jay


Honestly, I think that acessing them directly is already a supercool 
solution. Can't get any easier to get a file from A to B. I also 
wouldn't know what a framework could make easier in regards to that.
What is nice is to have consistent array values mainly from $_SERVER. 
Some time ago someone posted code for this as reply to a question that I 
asked. And that code did come from a framework and I think that is 
indeed super cool as it helps to get stuff working regardless of server 
and OS platform.
I must admit that I haven't work much with frameworks, but would use one 
mostly for the UI and database access so that I don't have to bother 
with layouts and going through the several steps for a select query.

In regards to security, input is evil, even when it comes from a table 
that only your app writes to. Always check for sanity and never trust 
anything, not even a file to be there that you just created a few lines 
earlier. I tend to get a bit paranoid in those cases where something 
being there really matters.


David