questions about comparisons in the PHP code base (Technics)
Hello
Please bear in mind that the use of $_REQUEST is not the normal behaviour, even if it is present in several places. In most places the checks are performed explicitly against $_GET or $_POST (or whatever else) to ensure the source of the variables. IMHO this has better readability than $_REQUEST, but also better readability than a function (without a parameter to specify the way of the incoming data), because in the code I can see the designated source of the data.
$foo = (!empty($_GET['bar'])) ? trim($_GET['bar']) : NULL; // ahhh, an URL-parameter
Bye, Auge
Yes, I agree that $_GET is preferred over $_REQUEST. But my point is that you may end up with code like the one below:
$page = (!empty($_GET['page'])) ? trim($_GET['page']) : 0; // ahhh, an URL-parameter
And the code later assumes that $page is an integer and therefore does not quote it correctly in a SQL query, which may open up the forum to SQL injection.
Example:
$query = 'SELECT .... FROM ... WHERE page='.$page.' AND ... ';
By using a function, you force the parameter $page to be an integer and thereby protect against SQL injection.
Kind regards,
Daniel
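To illustrate the point both posters are circling, here is an added example (it is not code from the thread or from the forum's own code base). The helper name request_int, the $sample_get array standing in for $_GET, the load_page function and the PDO connection it receives are all assumed for the example. The helper keeps Auge's wish to see the data source at the call site, by taking the source array as an explicit argument, while giving Daniel's guarantee that the result is an int.

```php
<?php
// Added example, not part of the original thread. Assumes PHP 7+ with PDO
// available; request_int, load_page and $sample_get are hypothetical names.
declare(strict_types=1);

/**
 * Read an integer parameter from an explicitly named source array ($_GET,
 * $_POST, ...). The call site still shows where the value comes from, and the
 * int return type guarantees the shape: any non-integer input yields $default.
 */
function request_int(array $source, string $key, int $default = 0): int
{
    if (!isset($source[$key]) || is_array($source[$key])) {
        return $default;
    }
    $value = filter_var(trim((string) $source[$key]), FILTER_VALIDATE_INT);
    return $value === false ? $default : $value;
}

// Constructed sample input standing in for $_GET during an offline run.
$sample_get = ['page' => '3 OR 1=1'];

// Pattern from the thread: the trimmed string is dropped straight into the query.
$page = !empty($sample_get['page']) ? trim($sample_get['page']) : 0;
$unsafe = 'SELECT id FROM posts WHERE page=' . $page . ' AND visible=1';
// $unsafe now reads: SELECT id FROM posts WHERE page=3 OR 1=1 AND visible=1
// The WHERE clause no longer means what the author intended.

// Hardened: the helper forces an int, so the same input cannot change the query.
$page = request_int($sample_get, 'page', 0);   // 0, because '3 OR 1=1' is not an int
$safe = 'SELECT id FROM posts WHERE page=' . $page . ' AND visible=1';
// $safe reads: SELECT id FROM posts WHERE page=0 AND visible=1

// Belt and braces: even with an int in hand, bind it as a parameter rather than
// concatenating. $pdo is an assumed, already-open PDO connection.
function load_page(PDO $pdo, int $page): array
{
    $stmt = $pdo->prepare('SELECT id FROM posts WHERE page = :page AND visible = 1');
    $stmt->bindValue(':page', $page, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

One design choice worth noting: a plain (int) cast would also remove the injection, but it silently turns '3 OR 1=1' into 3, so a malformed request is served as if it were valid. FILTER_VALIDATE_INT rejects it outright, which makes the fallback explicit and easier to log or reject at the edge. The prepared statement is independent of the helper; together they mean a future change to the helper cannot quietly reopen the hole.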