|
Posted by zorro on 05/07/06 14:18
greetings...
I'm wondering what more advanced coders would think ot this:
$_POST['myvar'] = clean($_POST['myvar']);
and now I can use POST directly:
$sql= "select * from T1 where myvar='$_POST[myvar]' " ;
function clean($var){
return addslashes(trim($var)); // whatever
}
The reason I came up with this is because i often end up calling
clean() several times on the same variable. So to avoid declaring a php
variable for each posted one, I would use an array
$arr['myvar']=clean($_POST['myvar'])) ;
$arr['myvar2']=clean($_POST['myvar2'])) ;
but since $_POST is already there, why not use it? The benefit is
simpler code, but maybe there are some security issues - that's what I
don't know.
[Back to original message]
|