
Use $_POST["x"] directly, or copy it to a local variable and then use that?

Consider the following pair of snippets, both doing the same thing.

<html>
<body>
    <?php
    if (isset($_POST["firstName"]) && isset($_POST["lastName"])) {
        // I'm copying the POST variable to a local one.
        $firstName = $_POST["firstName"];
        $lastName  = $_POST["lastName"];
        echo "<h1>Thank you for taking the census!</h1>";
        echo "On behalf of Sergio Emporium, we name you: " . $firstName . " " . $lastName . ", conqueror of worlds!";
        // Here I'm just pulling it from the POST info.
        echo "I think that fitting since you're a " . $_POST["item"];
    }
    else {
        echo "You didn't write in the necessary information.";
    }
    ?>
</body>
</html>

Which is better to use (in terms of security), and which one is recommended by coding standards?

Since I'm new to PHP, this is what pulls my chain. Thank you, guys!:)

3 answers

I would say that neither of these two solutions changes anything in terms of security, provided you do the following correctly:

  • input filtering / validation
  • and output escaping.

Here, when you output some HTML, it may be useful to escape your data with htmlspecialchars, for example ;-)
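To make the two points concrete, here is the question's census form rewritten with both in place. This is an added example, not code from the question or the answer: the field names are the question's, while the helper names (h, readField) and the validation rules (non-empty, string, at most 100 characters) are assumptions chosen for the illustration.

```php
<?php
// Added example (not from the question or any answer): the same census form,
// with input validation on the way in and HTML escaping on the way out.
// Field names match the question; the validation rules are assumptions.

declare(strict_types=1);

// Escape once, at the point of output, for an HTML body context.
// ENT_QUOTES also escapes single quotes, so the same helper is safe
// inside attribute values; the charset is stated explicitly.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Validate a single form field: present, a string (a request such as
// firstName[]=x arrives as an array), trimmed, and bounded in length.
// Returns null when the field is unusable.
function readField(array $source, string $name, int $maxLen = 100): ?string
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;
    }
    $value = trim($source[$name]);
    if ($value === '' || mb_strlen($value, 'UTF-8') > $maxLen) {
        return null;
    }
    return $value;
}

// Copying into locals is a readability choice; the security comes from the
// validation above and the escaping below, whichever style you pick.
$firstName = readField($_POST, 'firstName');
$lastName  = readField($_POST, 'lastName');
$item      = readField($_POST, 'item');
?>
<!DOCTYPE html>
<html>
<body>
<?php if ($firstName !== null && $lastName !== null && $item !== null): ?>
    <h1>Thank you for taking the census!</h1>
    <p>On behalf of Sergio Emporium, we name you:
       <?= h($firstName) ?> <?= h($lastName) ?>, conqueror of worlds!</p>
    <p>I think that fitting since you're a <?= h($item) ?>.</p>
<?php else: ?>
    <p>You didn't write in the necessary information.</p>
<?php endif; ?>
</body>
</html>
```

Submitting a value such as `<b>` in the item field now renders as the literal text `&lt;b&gt;` rather than as markup, and a field posted as an array is rejected by readField instead of reaching string concatenation. The original snippet's `isset` check alone guarantees neither.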


  • $_POST
  • script.

- sanitising post vars, var

google, PHP: http://code.google.com/speed/articles/optimizing-php.html

, script , script , $_REQUEST :

<?php
    $req_param1 = $_REQUEST['param1'];
    ...
    if (isset($req_param1)) {
        ...
    }
    ...

Currently, I do it differently. I usually use define() or a class const to declare the names of the parameters that I expect to receive from a request. Then I can search for those constants in the code to see where I actually use them:

define('REQ_PARAM1', 'param1');
...
function foo(){ 
    if (isset($_REQUEST[REQ_PARAM1])){
    ...
    }
    ...
}

Class example:

class MyClass {
    const REQ_PARAM1 = "param1";
    ...
    function foo(){
        if (isset($_REQUEST[MyClass::REQ_PARAM1])){
            ...
        }
    }
}
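The class-constant approach above, carried a little further as an added example (not the answer's own code): the parameter names are declared once, reads go through one method that checks the value is actually a string, and the source array is injected so the class can be exercised with a constructed array as well as with $_POST. The class name CensusRequest, its methods, and the sample input are all assumptions.

```php
<?php
// Added example (not the answer's own code): parameter names declared as
// class constants, with every read funnelled through one method.
// Class, method and sample values are assumptions for the illustration.

declare(strict_types=1);

final class CensusRequest
{
    // Every parameter the script accepts, declared once. Searching for
    // CensusRequest::FIRST_NAME finds every place the field is used.
    public const FIRST_NAME = 'firstName';
    public const LAST_NAME  = 'lastName';
    public const ITEM       = 'item';

    /** @var array<string, mixed> */
    private array $params;

    // The source array is injected so the class can be tested offline
    // with a constructed array and used with $_POST in production.
    public function __construct(array $params)
    {
        $this->params = $params;
    }

    public static function fromPost(): self
    {
        // $_POST rather than $_REQUEST: $_REQUEST merges GET, POST and
        // cookie values (in request_order), so a form field could otherwise
        // be supplied through the URL or a cookie instead of the form.
        return new self($_POST);
    }

    // Present and a scalar string; a field posted as an array is rejected.
    public function has(string $name): bool
    {
        return isset($this->params[$name]) && is_string($this->params[$name]);
    }

    // Trimmed value, or null when absent, not a string, or blank.
    public function get(string $name): ?string
    {
        if (!$this->has($name)) {
            return null;
        }
        $value = trim($this->params[$name]);
        return $value === '' ? null : $value;
    }

    // Keys that are not declared above. Useful during development to
    // surface mistyped field names, which isset() would otherwise hide.
    public function unexpectedKeys(): array
    {
        $known = [self::FIRST_NAME, self::LAST_NAME, self::ITEM];
        return array_values(array_diff(array_keys($this->params), $known));
    }
}

// Constructed sample input standing in for a submitted form.
$req = new CensusRequest([
    CensusRequest::FIRST_NAME => ' Ada ',
    CensusRequest::LAST_NAME  => 'Lovelace',
    'itme'                    => 'mathematician', // mistyped field name
]);

var_dump($req->get(CensusRequest::FIRST_NAME));
var_dump($req->get(CensusRequest::ITEM));
var_dump($req->unexpectedKeys());
```

With the sample input, FIRST_NAME comes back trimmed, ITEM is null because the form field was mistyped, and unexpectedKeys() reports the stray key, which is exactly the kind of mismatch a bare `isset($_REQUEST['itme'])` scattered through the code would let pass silently.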

Source: https://habr.com/ru/post/1732699/
