Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I wrote this, and wanted to get everyones opinion. I use this when I’m expecting a variable from a FORM submission. Ie:
<form method="post" action="index.php">
Username: <input type="text" name="username">
</form>
$username = get_request('username');
function get_request($name) {
if(isset($_REQUEST[$name])) {
//return mysql_real_escape_string(htmlentities($_REQUEST[$name]));
return mysql_real_escape_string($_REQUEST[$name]);
} else {
return "";
}
}
While mysql_real_escape_string() does a good job, you may wish to be stricter on what you return. E.g. if you only need alphanumeric characters it would be safer (and possibly faster) to do:
Or even use filter_var if you are running PHP 5.2+.
Also as mentioned above, you if you can easily use $_POST instead of $_REQUEST if you are only handling POST data.
Other than than that, keep up the good work! 🙂