spoetnik

Where to sanitize your data...


So, I have built a form, and I can call this in my template like:

<?=AddPostForm/>

After submitting this form, the data is passed to a function with all the input values to add the post.

Where do you sanitize your data? Is that the responsibility of the form, before passing the data to the function, or do you expect the function to sanitize the data before handling it?

2 hours ago, spoetnik said:

Where do you sanitize your data?

At the earliest opportunity possible when it hits the server. This means in the function, or an intermediary function first, which then passes the clean data to the function that creates the post. If the data does not pass the sanitise process, we redirect back to the form. The form can do client-side validation, e.g. was the email input filled, does that look like an email, etc?

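A server-side intermediary of the kind described in this answer, as an added example that is not code from the thread or from the forms module mentioned in it; the field names, the redirect URL, the session usage and createPost() are assumptions:

```php
<?php
// Added example (not from the thread): an intermediary that validates and
// sanitises the submitted data on the server before anything is stored.
// Field names, the redirect URL and createPost() are assumed for illustration.
declare(strict_types=1);

// Returns ['data' => clean values, 'errors' => field => message].
// Runs first on the server, regardless of any client-side checks.
function sanitizeAddPost(array $input): array
{
    $errors = [];
    $data   = [];

    // Title: plain text, trimmed, control characters stripped, bounded length.
    $title = trim((string)($input['title'] ?? ''));
    $title = preg_replace('/[\x00-\x1F\x7F]/u', '', $title) ?? '';
    if ($title === '' || mb_strlen($title) > 120) {
        $errors['title'] = 'Title is required and must be at most 120 characters.';
    }
    $data['title'] = $title;

    // Email: normalise, then validate; the browser's type="email" check is not trusted.
    $email = strtolower(trim((string)($input['email'] ?? '')));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A valid email address is required.';
    }
    $data['email'] = $email;

    // Body: keep the raw text (HTML escaping belongs at output, e.g. htmlspecialchars()
    // in the template), but strip NUL bytes and cap the size.
    $body = str_replace("\0", '', (string)($input['body'] ?? ''));
    if (trim($body) === '' || strlen($body) > 20000) {
        $errors['body'] = 'Body is required and must be under 20 kB.';
    }
    $data['body'] = $body;

    return ['data' => $data, 'errors' => $errors];
}

// Request handler: clean first, then either redirect back to the form or create the post.
// Assumes session_start() has already been called.
function handleAddPost(array $post): void
{
    ['data' => $data, 'errors' => $errors] = sanitizeAddPost($post);
    if ($errors !== []) {
        $_SESSION['form_errors'] = $errors;       // shown again on the form page
        header('Location: /add-post/', true, 303);
        exit;
    }
    createPost($data['title'], $data['email'], $data['body']); // assumed function
}
```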

I let my forms module do that 😉 It uses the nette forms framework for proper sanitisation (both on frontend and backend).
