Posted by comex on 12/04/05 01:29

> if((isset($_REQUEST['sub'])) && (!empty($_REQUEST['sub']))) {
empty is a language construct, not a function, so that is not
necessary. You can just do !empty(...).


> $error = false;
> return $error;
In your security_check function, you set $error to false in the
beginning for no reason; in fact, you don't need to use it all. You
could return false or return true, or simply
return !empty($x);

However, that doesn't actually work because when you call the
function, it assumes that $_REQUEST[whatever] is defined and could
cause a notice if it isn't; and $x will always be defined, even if set
to null.

Since your variables are coming from REQUEST anyway, you could write
it like this:
function security_check($x) {
return !empty($_REQUEST[$x]);
}

Then, if(!security_check('sub')) { ... }

Of course, there are people who can be more helpful and will probably
tell you to do more than just check if the variable exists.

• Next in forum: Re: [PHP] Security/$_REQUEST vars... How do you do it?
• Prev in forum: Security/$_REQUEST vars... How do you do it?
• Thread view: Re: [PHP] Security/$_REQUEST vars... How do you do it?

[Reply to this message]