POST Variables
Development and Programming
Hi,
If I clean the POST variable thus:
$_POST = $REGX->xss_clean( $_POST );Should I still access the individual variables via the Input class:
$new_num_rows = $IN->GBL('total_rows', 'POST');Or is this just doubling up?
I can only assume this question is too hard or too dumb, but I don’t know which?
My concern is that accessing POST variables via the $IN class may be needlessly using more resources than just using $_POST[‘my_variable’] if the security added by using the $IN class merely repeats what $REGX->xss_clean( $_POST ) has already done.
Hope this makes sense.
I could be wrong about what it all means but I don’t think that data is sanitised merely by using the $IN class at least not for $_POST data anyway.
More information can be found here although I might be misunderstanding though.
Best wishes,
Mark
Thanks Mark, the link you provided seems to make it quite clear that $IN does not sanitise POST variables. However, the documentation for the Input class seems to imply that it does clean the POST variables (at least it doesn’t specify that they are not cleaned).
Unless I hear otherwise, I think it would be best to assume that the Input class does not clean the POST variables.
Thanks; that clears things up I think.