Hi all,
Has anyone already heard about the inspekt library?
http://code.google.com/p/inspekt/
Quote from the web site:
Inspekt acts as a sort of 'firewall' API between user input and the
rest of the application. It takes PHP superglobal arrays, encapsulates
their data in a cage object, and
At 5:17 PM +0200 10/11/07, Manuel Vacelet wrote:
The thing that remains not very clear to me is where validation stops
and where application logic starts.
Forgive me if I'm stating the obvious.
For me, there isn't a variable that I receive in any of my scripts
that I don't know what it should
Hi all,
I repeat the mantra 'filter input, escape output' every day before
writing any line of code.
About filter input I use to develop my own filter but I don't like
this solution as it's error prone (my regexp may be wrong, I don't
like to re-invent the wheel that much, ...).
I'd like to know
Manuel Vacelet wrote:
Hi all,
I repeat the mantra 'filter input, escape output' every day before
writing any line of code.
About filter input I use to develop my own filter but I don't like
this solution as it's error prone (my regexp may be wrong, I don't
like to re-invent the wheel that much,
On 10/11/07, Jim Lucas [EMAIL PROTECTED] wrote:
What are you wanting to validate?
Do you want a package/class/function set that when called will validate
different types of input?
Email, string, int, etc...
Basically yes.
I want to validate:
- type: (string, int, float, ..)
-
So, I'm trying to be more consistent about escaping my output.
I do something like this (only prettier):
if (!isset($_REQUEST['blah_id'])) error_out("Bad blah_id input");
$blah_id = (int) $_REQUEST['blah_id'];
$blah_id_sql = mysql_real_escape_string($blah_id, $connection);
$query = select title
6 matches