jackmcdade/gist:3209202

## gistfile1.aw
<?php

// Bad
$name = (!empty($_GET['name'])? $_GET['name'] : 'John');

// Good
// Some basic sanitization. Make sure to clean further if inserting into database
$name = (!empty($_GET['name'])? $_GET['name'] : 'John');
$name = strip_tags($name);
$name = htmlspecialchars($name, ENT_QUOTES);

// Better
// A helper method to fetch and clean at the same time, with a default fallback.
function fetch_and_clean($var, $default) {
    if (isset($_GET[$var]) {
        return htmlspecialchars(strip_tags($name), ENT_QUOTES);
    }
    return $default;
}

$name = fetch_and_clean('name', 'John');
	<?php

	// Bad
	$name = (!empty($_GET['name'])? $_GET['name'] : 'John');

	// Good
	// Some basic sanitization. Make sure to clean further if inserting into database
	$name = (!empty($_GET['name'])? $_GET['name'] : 'John');
	$name = strip_tags($name);
	$name = htmlspecialchars($name, ENT_QUOTES);

	// Better
	// A helper method to fetch and clean at the same time, with a default fallback.
	function fetch_and_clean($var, $default) {
	if (isset($_GET[$var]) {
	return htmlspecialchars(strip_tags($name), ENT_QUOTES);
	}
	return $default;
	}

	$name = fetch_and_clean('name', 'John');