On 7/16/07, Peter Sawczynec <[EMAIL PROTECTED]> wrote:
> I have inherited some old legacy code that down and dirty uses $_REQUEST
> to universally grab all variables from combined GET and/or POST form
> submissions.
>
> So I want to be equally blunt and directly chop up and massage $_REQUEST
> before any code handles it.
>
> I want to have an array of acceptable "white list" $_REQUEST variable
> names I am looking for, allow those to remain in the $_REQUEST array,
> but I want all other $_REQUEST variables removed/destroyed out of
> $_REQUEST.
>
> Then simply allow the remaining "white list" $_REQUEST to flow into
> the code.

Down and dirty calls for a foreach. ;-)

  foreach( $_REQUEST AS $key=>$val ) {
    // $whitelist maps variable name => type, so test its keys, not its values
    if ( !array_key_exists( $key, $whitelist ) ) {
      unset( $_REQUEST[ $key ] );
    }
    else {
      // do you have validation routines?
      // whitelist could include type info for validation...
      switch( $whitelist[ $key ] ) {
        case 'text':
          $_REQUEST[ $key ] = validated_text( $val );
          break;
      }
    } // end else
  } // end foreach

Maybe you were looking for something more efficient, but being able to
independently validate the values might make it worth a few extra
cycles, depending on whether the downstream code performs validation.
--
Chris Snyder
http://chxo.com/
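
A type-aware version of the whitelist filter discussed in this thread, as an added example that is not code from either poster. It iterates the whitelist rather than the request and drops array-valued parameters; the parameter names, type labels, text policy and the `filter_request` helper are assumptions for illustration.

```php
<?php
// Added example: hypothetical whitelist mapping parameter name => expected type.
$whitelist = [
    'id'    => 'int',
    'email' => 'email',
    'name'  => 'text',
];

// Keep only whitelisted keys whose values validate for their declared type.
// Unknown keys, array-valued parameters (?id[]=1) and invalid values are dropped.
function filter_request(array $request, array $whitelist): array
{
    $clean = [];
    foreach ($whitelist as $key => $type) {
        if (!array_key_exists($key, $request) || !is_string($request[$key])) {
            continue; // missing, or not a plain string value
        }
        $val = $request[$key];
        switch ($type) {
            case 'int':
                $val = filter_var($val, FILTER_VALIDATE_INT);
                break;
            case 'email':
                $val = filter_var($val, FILTER_VALIDATE_EMAIL);
                break;
            case 'text':
                // Assumed policy: 1-100 characters, no control characters.
                $val = preg_match('/^[^\x00-\x1F\x7F]{1,100}$/u', $val) === 1 ? $val : false;
                break;
            default:
                $val = false; // unknown type label in the whitelist: fail closed
        }
        if ($val !== false) {
            $clean[$key] = $val;
        }
    }
    return $clean;
}

// Constructed sample input standing in for $_REQUEST.
$sample = [
    'id'    => '42',
    'email' => 'not-an-email', // fails validation, dropped
    'name'  => 'Peter',
    'debug' => '1',            // not whitelisted, dropped
];
var_dump(filter_request($sample, $whitelist));
// In the legacy application: $_REQUEST = filter_request($_REQUEST, $whitelist);
```

Reassigning `$_REQUEST` this way leaves `$_GET`, `$_POST` and `$_COOKIE` untouched, so it only protects code that reads `$_REQUEST`.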
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk