Skip to content

Instantly share code, notes, and snippets.

@jackmcdade
Created July 30, 2012 19:03
Show Gist options
  • Save jackmcdade/3209202 to your computer and use it in GitHub Desktop.
Save jackmcdade/3209202 to your computer and use it in GitHub Desktop.
Bad PHP Example
<?php
// Bad
$name = (!empty($_GET['name'])? $_GET['name'] : 'John');
// Good
// Some basic sanitization. Make sure to clean further if inserting into database
$name = (!empty($_GET['name'])? $_GET['name'] : 'John');
$name = strip_tags($name);
$name = htmlspecialchars($name, ENT_QUOTES);
// Better
// A helper method to fetch and clean at the same time, with a default fallback.
function fetch_and_clean($var, $default) {
if (isset($_GET[$var]) {
return htmlspecialchars(strip_tags($name), ENT_QUOTES);
}
return $default;
}
$name = fetch_and_clean('name', 'John');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment