Posted by Richard Davey on 06/08/05 18:49
Hello afan,
Wednesday, June 8, 2005, 4:33:24 PM, you wrote:
aan> My question though was is the difference in code I mentioned just
aan> a "habit of writing code" or there is some more? Some security
aan> issues too?
It was most likely just a coding habit - there was no discernible
difference between having one clean variable for each $_POST value
and having one array holding all values. It was probably just a way
to keep things organised so you're not initialising stacks of variables
all over the place.
aan> To store submitted info to DB I would (now) use following code:
aan> $name = mysql_real_escape_string($_POST['name']);
The sooner you change this practice, the better :) But you know that
anyway.
aan> doing the same using arrays:
aan> $submitted = array();
aan> $submitted['name'] = mysql_real_escape_string($_POST['name']);
aan> Is this REALLY the same or there is a difference in security or
aan> something else?
You're effectively doing exactly the same thing, the difference being
that you may find it quicker / less prone to error to keep things
contained in a single clean array. As it stands however your array
isn't clean and you really need to start filtering the data first and
then putting it into a clean array - hope that makes sense?
Best regards,
Richard Davey
--
http://www.launchcode.co.uk - PHP Development Services
"I do not fear computers. I fear the lack of them." - Isaac Asimov
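Added example (not part of the original post, and not Richard Davey's code): the "filter first, then put it into a clean array" approach discussed above, sketched in PHP. The field names, validation rules and sample input are assumptions, and a PDO prepared statement on an in-memory SQLite database stands in for mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7.

```php
<?php
// Added example: field names, rules and sample input are assumptions.

// Constructed sample submission standing in for $_POST.
$post = [
    'name'  => "Siobhan O'Brien",   // valid name that still contains a quote
    'email' => 'siobhan@example.com',
    'age'   => '27',
    'admin' => '1',                 // unexpected field, never copied
];

/**
 * Copy only expected fields that pass their rule into a clean array.
 * Returns [$clean, $errors]; rejected values never reach $clean.
 */
function filter_submission(array $input): array
{
    $rules = [
        'name'  => fn($v) => preg_match('/^[\p{L} \'.-]{1,64}\z/u', $v) === 1,
        'email' => fn($v) => filter_var($v, FILTER_VALIDATE_EMAIL) !== false,
        'age'   => fn($v) => ctype_digit($v) && (int)$v >= 1 && (int)$v <= 130,
    ];
    $clean = [];
    $errors = [];
    foreach ($rules as $field => $isValid) {
        $value = $input[$field] ?? null;
        if (is_string($value) && $isValid($value)) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    return [$clean, $errors];
}

[$clean, $errors] = filter_submission($post);

if ($errors !== []) {
    echo 'Rejected fields: ' . implode(', ', $errors) . PHP_EOL;
} else {
    // Filtering does not replace escaping: the clean name still holds an
    // apostrophe, so values are bound as parameters at the database boundary.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (name TEXT, email TEXT, age INTEGER)');
    $stmt = $db->prepare('INSERT INTO users (name, email, age) VALUES (?, ?, ?)');
    $stmt->execute([$clean['name'], $clean['email'], (int)$clean['age']]);
    echo 'Stored ' . $clean['name'] . PHP_EOL;
}
```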