Posted by Richard Levasseur on 05/08/06 08:57
A good general rule of thumb is to leave superglobals alone as much as
possible. If you do need to modify them, modify only the parts you
need. Modifying superglobals is just asking for trouble when you
start introducing code that assumes (and relies on) those superglobals
are untouched. It may be a bit more work, but I think it's very much
worth it with regards to input validation.
Also's:
I also don't see a difference between this and the god forsaken
magic_quotes ini option.
addslashes() doesn't escape everything necessary to make a string safe
for an SQL query (iirc, it was something in Oracle or Postgres).
A fun gotcha would be when you clean() something twice, but then only
stripslashes() once, giving you a nice growing list of \'s for the
user's input, which is incredibly annoying to the poor guy trying to use
the form.
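The double-escaping gotcha described in the post, reproduced as an added example (not code from the original thread). The clean() function, the $input array standing in for $_POST, and buildQuery() are all hypothetical constructions for illustration; the superglobal itself is never modified.

```php
<?php
// Added example: why escaping superglobals in place, and escaping twice,
// corrupts user input; and the boundary-only alternative.

declare(strict_types=1);

// Recursive escaper of the kind the thread discusses (hypothetical clean()).
function clean(array $data): array
{
    foreach ($data as $key => $value) {
        $data[$key] = is_array($value) ? clean($value) : addslashes((string) $value);
    }
    return $data;
}

// Number of backslashes in a value; grows with every clean() pass.
function backslashCount(string $s): int
{
    return substr_count($s, '\\');
}

// Boundary-only alternative: bind the raw value at the point of use instead of
// escaping it inside the superglobal. The value travels separately from the
// SQL text, so addslashes() (and its dialect gaps) never enters the picture.
function buildQuery(array $rawInput): array
{
    return [
        'sql'    => 'INSERT INTO people (name, note) VALUES (:name, :note)',
        'params' => [':name' => $rawInput['name'], ':note' => $rawInput['note']],
    ];
}

// Constructed sample input standing in for $_POST; $_POST is left untouched.
$input = ['name' => "O'Brien", 'note' => 'say "hi" \\ now'];

// Gotcha: clean() applied twice, e.g. once in a global bootstrap and once in
// the form handler that does not know the bootstrap already ran.
$once  = clean($input);   // O\'Brien        (1 backslash)
$twice = clean($once);    // O\\\'Brien      (3 backslashes)

// stripslashes() once undoes only one layer; the other layer stays behind.
$shown = stripslashes($twice['name']);   // O\'Brien, still wrong for display

printf("once:  %s (%d backslashes)\n", $once['name'], backslashCount($once['name']));
printf("twice: %s (%d backslashes)\n", $twice['name'], backslashCount($twice['name']));
printf("after one stripslashes(): %s\n", $shown);

// The raw input goes to the statement unchanged; a prepared statement
// (e.g. PDO::prepare with these placeholders) handles quoting correctly.
print_r(buildQuery($input));
```

Each clean() pass doubles every existing backslash and adds one per quote, so the count for a value like O'Brien goes 0, 1, 3, 7, ... and a single stripslashes() can never recover the original. Escaping once, at the point where the string meets the query, or binding parameters so no escaping is needed at all, avoids both the growth and the dialect gaps the post mentions.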