How to filter Input Parameters
Hi,
When we are working with GET, POST or COOKIE data, at least I am wondering "what if someone is trying to hijack the code?". So, I am trying to convert all params I get from those sources using various techniques.
Let me show you one simple case (before using Zend Framework, now trying to upgrade this side to ZF too):
```php
// Page number from the query string; cast to int so only a number survives.
if (isset($_GET["page"])) {
    $page = $_GET["page"] = intval($_GET["page"]);
} else {
    $page = 1; // default to the first page (int, same type as the cast above)
}
```
In this case the param is a number, but anyway, it can be a small text even (not necessarily without any other characters: maybe it is a product name: Metal-Pieces or similar).
So, which would be the best technique to ensure someone is not trying to force your code? Could even be an attempt to SQL inject your database?
Of course Zend_Db provides mechanisms (->quote() or others) to defend against such things, but maybe it is better to try stopping all since the beginning... On GET, POST, and so on...
So, any opinions ?
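An added example (not from the original post or from Zend Framework) of the two-layer approach the question is circling around: validate each request parameter against the exact shape you expect (a positive integer for `page`, a restricted alphabet for a product name like `Metal-Pieces`) and reject anything else instead of "cleaning" it, then keep the value out of the SQL text entirely with a bound parameter. It uses plain PDO rather than Zend_Db so it runs without the framework; the function names, the `products` table and the sample request array are assumptions made for the example. Note the difference from `intval()`: `intval("7abc")` silently returns 7, while `FILTER_VALIDATE_INT` rejects the value.

```php
<?php
// Added example, not code from the original post. Function names, the
// "products" table and the $request array are hypothetical.

// Return a positive page number, defaulting to 1 when the parameter is
// missing, non-numeric, out of range, or not even a string (?page[]=x).
function getPageParam(array $source, string $key = 'page'): int
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return 1;
    }
    $page = filter_var($source[$key], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 100000],
    ]);
    return $page === false ? 1 : $page;
}

// Return a product slug such as "Metal-Pieces" only if every character is
// in the allowed alphabet (letters, digits, hyphen, underscore); otherwise
// null. Whitelisting the shape is safer than stripping "bad" characters.
function getSlugParam(array $source, string $key = 'product'): ?string
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    return preg_match('/^[A-Za-z0-9_-]{1,64}$/', $source[$key]) === 1
        ? $source[$key]
        : null;
}

// Look up a product with a prepared statement: the slug is sent as a bound
// value, so even an accepted value can never change the SQL structure.
function findProduct(PDO $db, string $slug): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM products WHERE slug = :slug');
    $stmt->execute([':slug' => $slug]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample request standing in for $_GET.
$request = ['page' => '0', 'product' => "Metal-Pieces' OR 1=1 --"];

$page = getPageParam($request);  // 1: "0" is below min_range
$slug = getSlugParam($request);  // null: quote, spaces and "=" are not allowed

if ($slug === null) {
    http_response_code(400);
    echo "Invalid product parameter\n";
    exit;
}

// In-memory SQLite so the example runs offline; constructed sample row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, slug TEXT)');
$db->exec("INSERT INTO products (name, slug) VALUES ('Metal Pieces', 'Metal-Pieces')");

$product = findProduct($db, $slug);
printf("page=%d product=%s\n", $page, $product ? $product['name'] : 'not found');
```

Zend_Db's bound parameters (`?` placeholders with a bind array on `fetchAll()`/`fetchRow()`) give the same separation of data from SQL text as the PDO prepared statement here; the validation functions are independent of which adapter you use, which is the "stop it at the beginning" part of the question.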