spoetnik
Posted September 25, 2018

So, I have built a form, and I can call this in my template like: <?=AddPostForm/>

After submitting this form, the data is passed to a function with all the input values to add the post. Where do you sanitize your data? Is that the responsibility of the form, before passing the data to the function, or do you expect the function to sanitize the data before handling it?

kongondo
Posted September 25, 2018

2 hours ago, spoetnik said:
> Where do you sanitize your data?

At the earliest opportunity possible when it hits the server. This means in the function, or an intermediary function first, which then passes the clean data to the function that creates the post. If the data does not pass the sanitise process, we redirect back to the form. The form can do client-side validation, e.g. was the email input filled, does that look like an email, etc?

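The flow described in the answer above, as an added example that is not part of the thread: a hypothetical intermediary function sanitises the raw POST data on the server, and only clean data reaches the function that creates the post. It is plain PHP (with the mbstring extension); the function names, field names, length limits and redirect paths are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical intermediary: takes raw POST data, returns [clean data, errors].
// Field names (title, email, body) and limits are assumptions for illustration.
function sanitizePostInput(array $raw): array
{
    $clean = $errors = [];
    foreach (['title', 'email', 'body'] as $field) { // unexpected keys are ignored
        $value = $raw[$field] ?? '';
        // Arrays (e.g. title[]=x) are dropped rather than cast to string.
        $clean[$field] = is_string($value) ? trim($value) : '';
    }
    // Title: no markup, no control characters, bounded length.
    $clean['title'] = preg_replace('/[\x00-\x1F\x7F]/u', '', strip_tags($clean['title'])) ?? '';
    if ($clean['title'] === '' || mb_strlen($clean['title']) > 120) {
        $errors['title'] = 'Title is required (max 120 characters).';
    }
    // Email: checked on the server regardless of any client-side validation.
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A valid email address is required.';
    }
    // Body: keep tabs and newlines, drop other control characters.
    // preg_replace returns null on invalid UTF-8, which then fails the check.
    $clean['body'] = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $clean['body']) ?? '';
    if ($clean['body'] === '' || mb_strlen($clean['body']) > 5000) {
        $errors['body'] = 'Body is required (max 5000 characters).';
    }
    return [$clean, $errors];
}

// Returns the URL to redirect to; the caller sends the Location header.
function handleAddPostForm(array $raw, callable $addPost): string
{
    [$clean, $errors] = sanitizePostInput($raw);
    if ($errors !== []) {
        // Did not pass the sanitise step: back to the form, nothing is stored.
        return '/add-post?errors=' . rawurlencode(implode(',', array_keys($errors)));
    }
    $addPost($clean); // only clean data reaches the function that creates the post
    return '/posts';
}

// Constructed sample input: malformed email, missing body, one unexpected field.
$saved = [];
echo handleAddPostForm(
    ['title' => " Hello\x00 <b>world</b> ", 'email' => 'not-an-email', 'is_admin' => '1'],
    function (array $post) use (&$saved): void { $saved[] = $post; }
), PHP_EOL;
```

In a real request handler the call would be `header('Location: ' . handleAddPostForm($_POST, $addPost));`, and stored values still need escaping for the context in which they are later output.
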
bernhard
Posted September 25, 2018

I let my forms module do that. It uses the nette forms framework for proper sanitisation (both on frontend and backend)