
Is it legal to change $_POST


Folks,

When I read data from my form, I sanitize it before recording it in MySQL.
At the moment, the values in $_POST are cleaned and returned in a new array
called $formData.

I found by accident that I could change the value of $_POST, thus I was
thinking it would be better usage of memory (and therefore overall
performance) if instead of having duplicate data I instead have the
cleaned data returned to $_POST.

I know I *can* do this - what I don't know is if it's a feature or a bug (i.e.
if I depend on it now, will later versions of PHP (either v4 or v5) make such
a dependency redundant).

Can anyone comment on what they advise as being best practice here?

cheers
randelld
Jul 16 '05 #1
Randell D. wrote:
I found by accident that I could change the value of $_POST, thus I was
thinking it would be better usage of memory (and therefore overall
performance) if instead of having duplicate data I instead have the
cleaned data returned to $_POST.


I recommend doing this, especially when you're working on a project with
other programmers who might not be so diligent about variable cleaning.

I work on a CMS project and we clean all user-generated variables right
at the start, because we know that some 3rd party module developers are
too lazy to bother, thus breaking security for the whole system.

Jochen

--
/**
* @author Jochen Buennagel <zang at buennagel dot com>
*/

Jul 16 '05 #2

"Why?" <wh*@why.com> wrote in message
news:bi**********@bunyip.cc.uq.edu.au...
Randell D. wrote:
"Jochen Buennagel" <za**@buennagel.com> wrote in message
news:bi*************@news.t-online.com...
Randell D. wrote:

I found by accident that I could change the value of $_POST, thus I was
thinking it would be better usage of memory (and therefore overall
performance) if instead of having duplicate data I instead have the cleaned data returned to $_POST.

I recommend doing this, especially when you're working on a project with
other programmers who might not be so diligent about variable cleaning.

I work on a CMS project and we clean all user-generated variables right
at the start, because we know that some 3rd party module developers are
too lazy to bother, thus breaking security for the whole system.

Jochen

--
/**
* @author Jochen Buennagel <zang at buennagel dot com>
*/

Fair comment on cleaning the data - I am aware of the risks - however, my question related to where you keep the cleaned data.

Do you return your cleaned data to $_POST or do you return it to another
newer variable thus doubling the memory used to retain your user variable data.


For the scripts I do I have a recursive function that goes through all
$_GET, $_POST and $_COOKIE variables and adds slashes to them if
auto-slashes is on (not them directly but the contents of the arrays). I
simply just modify the variables in place.

IMHO, It's perfectly fine to just put the 'cleansed' input data back
into the corresponding variables indexes.

Cheers,
Why.


Thanks
Jul 16 '05 #3
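The in-place approach described in the reply above (a recursive walk over $_GET, $_POST and $_COOKIE that rewrites the array contents rather than copying them) looks roughly like the following. This is an added example, not code from the thread or from any poster; the cleaning rule `$normalise` is a constructed placeholder, and the `$_POST` contents are constructed sample data. Note the trade-off it makes explicit: once the superglobal is overwritten, the raw value is gone, so context-specific escaping (SQL, HTML) still has to happen at the point of use and cannot be re-derived from the input later.

```php
<?php
// Added example, not code from the thread: recursive, in-place cleaning of
// the request superglobals. The cleaning rule below is a constructed
// placeholder; substitute whatever normalisation the application needs.
declare(strict_types=1);

/**
 * Walk an array recursively and replace every scalar leaf with $clean($leaf).
 * The array is taken by reference, so the caller's variable (e.g. $_POST)
 * is modified in place and no second copy of the request data is kept.
 * Nested arrays (form fields named like tags[] or user[address][city])
 * are descended into rather than cast to strings.
 */
function clean_in_place(array &$data, callable $clean): void
{
    foreach ($data as $key => &$value) {
        if (is_array($value)) {
            clean_in_place($value, $clean);
        } else {
            $value = $clean($value);
        }
    }
    unset($value); // drop the reference foreach-by-reference leaves behind
}

// Constructed cleaning rule (assumption, not the thread's). This is input
// normalisation only: it undoes magic_quotes_gpc slashes (PHP 4/5) so the
// stored value is what the user typed, and trims whitespace. Escaping for
// a particular sink (SQL, HTML) is still applied where the value is used.
$normalise = static function ($v): string {
    $s = (string) $v;
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $s = stripslashes($s);
    }
    return trim($s);
};

// Constructed sample request standing in for a real form submission.
$_POST = [
    'username' => "  randelld \n",
    'tags'     => ['  php ', 'mysql', ['nested' => ' ok ']],
];

// Clean each GPC superglobal in place; the raw copies are not retained.
clean_in_place($_GET, $normalise);
clean_in_place($_POST, $normalise);
clean_in_place($_COOKIE, $normalise);

var_dump($_POST);
```

Assigning to `$_POST` (or to its elements) is ordinary array assignment on a superglobal; it is the same mechanism the thread relies on, and the recursion is what keeps `name[]`-style fields from being flattened or skipped.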

"Jochen Buennagel" <za**@buennagel.com> wrote in message
news:bi*************@news.t-online.com...
Randell D. wrote:
I found by accident that I could change the value of $_POST, thus I was
thinking it would be better usage of memory (and therefore overall
performance) if instead of having duplicate data I instead have the
cleaned data returned to $_POST.


I recommend doing this, especially when you're working on a project with
other programmers who might not be so diligent about variable cleaning.

I work on a CMS project and we clean all user-generated variables right
at the start, because we know that some 3rd party module developers are
too lazy to bother, thus breaking security for the whole system.

Jochen

--
/**
* @author Jochen Buennagel <zang at buennagel dot com>
*/


Fair comment on cleaning the data - I am aware of the risks - however, my
question related to where you keep the cleaned data.

Do you return your cleaned data to $_POST or do you return it to another
newer variable thus doubling the memory used to retain your user variable
data.
Jul 16 '05 #4
