appdb security

EA Durbin ead1234 at
Thu Jun 8 18:44:15 CDT 2006

>>Is there a reason why we don't do the if(empty()) check inside of 

as in put the if(empty()) inside of the function itself, or pass if( empty 
(makeSafe( $_REQUEST['appId'] ) ) ) when we assign it?

the reason I didn't put it in the makeSafe function was because we were 
testing to see if the variable was isset or empty and determining on the 
point of the application the result was either set to "" or 0, you could do 
it inside of the makeSafe() function but returning "" may not always be the 
desired results.

you could call the empty() test while you were assigning it, I just always 
start out assigning all of the user input variables I'm going to use at the 
top of the page by passing them through makeSafe.

function makeSafe( $var )
    $var = trim( addslashes( $var ) );
    return $var;

$clean['var1'] = makeSafe( $_REQUEST['var1'] );
$clean['var2'] = makeSafe( $_REQUEST['var2'] );

then any subsequent test called upon the variables are ensured to be clean.

if your desired output of makeSafe is to be "" if its empty then you could 
put the empty() test inside of makeSafe, but further down in the app we were 
testing for empty and returning 0.

More information about the wine-devel mailing list