
Is this correct use of $sanitizer?




I am sanitizing some variables coming in via GET through Ajax as follows before passing them on to a selector. Is this the correct way of doing it? Secondly, can I instead type cast where I am expecting integers? Thanks.

$sort = explode(" ", $sanitizer->selectorValue($input->get->SortX));
// The direction is optional, so guard against a missing second element
$sortOrder = (isset($sort[1]) && $sort[1] == "DESC") ? "-" : "";
$sortValue = $sort[0];

$start = $sanitizer->selectorValue($input->get->StartX);
$limit = $sanitizer->selectorValue($input->get->SizeX); 

//Would this suffice as well since I am expecting integers here?
//$start = (int) $input->get->StartX;
//$limit = (int) $input->get->SizeX;

//What about this (access as array index)?
//$start = (int) $input->get["StartX"];
//$limit = (int) $input->get["SizeX"];

$results = $pages->find("has_parent!=2, id!=2|7, include=all, start=$start, limit=$limit, sort=$sortOrder$sortValue");

  • Like 1
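
For reference, one way to harden the selector built in the post above. This is an added example, not code from the original post or from ProcessWire. The helper name `buildFindSelector`, the allowlisted field names and the `MAX_LIMIT` bound are assumptions, and it goes slightly beyond the question by allowlisting the sort field and clamping the integers after the cast.

```php
<?php
// Added example: hypothetical helper, not part of ProcessWire or the original post.
// Builds the selector from raw GET values using an allowlist for the sort
// field and integer casting with bounds for start/limit.

const ALLOWED_SORT_FIELDS = ['title', 'created', 'modified']; // assumed field names
const MAX_LIMIT = 100;                                         // assumed upper bound

function buildFindSelector(array $get): string
{
    // Accept "field" or "field DESC"; anything else falls back to the default sort.
    $parts = preg_split('/\s+/', trim((string) ($get['SortX'] ?? '')), 2);
    $field = $parts[0];
    if (!in_array($field, ALLOWED_SORT_FIELDS, true)) {
        $field = ALLOWED_SORT_FIELDS[0];
    }
    $prefix = (isset($parts[1]) && strtoupper($parts[1]) === 'DESC') ? '-' : '';

    // (int) can only yield an integer, so no selector syntax survives the cast,
    // but negative or very large values still pass, hence the clamping.
    $start = max(0, (int) ($get['StartX'] ?? 0));
    $limit = min(MAX_LIMIT, max(1, (int) ($get['SizeX'] ?? 10)));

    return "has_parent!=2, id!=2|7, include=all, "
         . "start=$start, limit=$limit, sort=$prefix$field";
}

// Constructed sample inputs: one well-formed, one carrying extra selector syntax.
$samples = [
    ['SortX' => 'title DESC', 'StartX' => '20', 'SizeX' => '10'],
    ['SortX' => 'title, id>0', 'StartX' => '-5', 'SizeX' => '999999, id>0'],
];
foreach ($samples as $get) {
    echo buildFindSelector($get), PHP_EOL;
}
```

The helper takes a plain array so it runs outside ProcessWire; inside a template the returned string would be passed to `$pages->find()` as in the post.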