Jakob Buchgraber wrote:
Hey!
I was wondering how you handle the data from $_FILE, $_SERVER etc. in
your application. I mean, most of you probably use some framework that
implements the request object pattern in combination with the
intercepting filter pattern. So this makes unit testing easy and may
also improve the security of your application. So how do you handle e.g.
the data coming from $_FILE? Do you just access them directly or is there
also some super cool solution? :D
Cheers,
Jay

Honestly, I think that accessing them directly is already a supercool
solution. Can't get any easier to get a file from A to B. I also
wouldn't know what a framework could make easier in regards to that.

What is nice is to have consistent array values mainly from $_SERVER.
Some time ago someone posted code for this as reply to a question that I
asked. And that code did come from a framework and I think that is
indeed super cool as it helps to get stuff working regardless of server
and OS platform.

I must admit that I haven't worked much with frameworks, but would use one
mostly for the UI and database access so that I don't have to bother
with layouts and going through the several steps for a select query.

In regards to security, input is evil, even when it comes from a table
that only your app writes to. Always check for sanity and never trust
anything, not even a file to be there that you just created a few lines
earlier. I tend to get a bit paranoid in those cases where something
being there really matters.

David
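
The two ideas in this thread (a request-object wrapper and "never trust anything") combined for a single upload, as an added example that is not part of either message and not taken from any framework. The class name `UploadedFile`, the size limit and the MIME allow-list are assumptions for illustration; it assumes PHP 8.1+ with the fileinfo extension.

```php
<?php
declare(strict_types=1);

// Hypothetical wrapper (illustration only): one validated entry of $_FILES.
final class UploadedFile
{
    private const MAX_BYTES = 2_000_000;   // assumed limit
    private const ALLOWED = ['image/png' => 'png', 'image/jpeg' => 'jpg']; // assumed allow-list

    private function __construct(public readonly string $tmpPath, public readonly string $ext) {}

    /** @param array<string,mixed> $files normally $_FILES; injectable so rejection paths can be unit tested */
    public static function fromRequest(array $files, string $field): self
    {
        $f = $files[$field] ?? null;
        // Reject missing fields and the nested-array form used by multi-file inputs.
        if (!is_array($f) || !isset($f['error'], $f['tmp_name']) || is_array($f['error'])) {
            throw new RuntimeException('no single upload in field');
        }
        if ($f['error'] !== UPLOAD_ERR_OK) {
            throw new RuntimeException('upload error code ' . $f['error']);
        }
        // tmp_name must be a file PHP itself received via HTTP POST.
        if (!is_string($f['tmp_name']) || !is_uploaded_file($f['tmp_name'])) {
            throw new RuntimeException('not an uploaded file');
        }
        // Measure the file on disk; the client-supplied 'size' and 'type' are ignored.
        $size = filesize($f['tmp_name']);
        if ($size === false || $size === 0 || $size > self::MAX_BYTES) {
            throw new RuntimeException('size out of range');
        }
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
        if (!is_string($mime) || !isset(self::ALLOWED[$mime])) {
            throw new RuntimeException('type not allowed');
        }
        return new self($f['tmp_name'], self::ALLOWED[$mime]);
    }

    /** Stores under a server-generated name; the client's 'name' is never used. */
    public function storeIn(string $dir): string
    {
        $target = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $this->ext;
        // Check the move, then check that the result really exists.
        if (!move_uploaded_file($this->tmpPath, $target) || !is_file($target)) {
            throw new RuntimeException('could not store upload');
        }
        return $target;
    }
}
```

The target directory should sit outside the web root or be configured so the server never executes files from it.
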
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk