Back on topic - filtering. Since it's legacy code and I'm not in the mood to start a rewrite, I was wondering about the validity of the following approach. It seems to be a no-no, but for no reason anyone actually seems to explain.
Normally:
Code:
$filter = new InputFilter();
$cleanpost = $filter->filter($_POST);

Code:
$filter = new InputFilter();
$cleanpost = $filter->filter($_POST);
unset($_POST);
$_POST = $cleanpost;
unset($cleanpost); // since it's not actually used anymore

Note: I neither want nor need the original uncleaned data, not for the moment. Filter compares a definition (some class stating what the targeted page expects in its data) against the original $_POST, and deletes unexpected data.
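
The overwrite approach from the post, as an added example that is not the poster's code: a hypothetical `filter_against_definition()` stands in for `InputFilter`, and the field names, definition and request data are constructed so the script runs from the CLI. It also checks `$_REQUEST`, which PHP populates as a separate array.

```php
<?php
// Added example: hypothetical allowlist filter, not the poster's InputFilter class.
// $definition maps each expected field name to a FILTER_* constant from ext/filter.
function filter_against_definition(array $input, array $definition): array
{
    $clean = [];
    foreach ($definition as $field => $filterId) {
        // Drop fields that are missing, or that arrive as arrays where a
        // scalar was expected (e.g. a request sending tags[]=a&tags[]=b).
        if (!array_key_exists($field, $input) || !is_scalar($input[$field])) {
            continue;
        }
        $value = filter_var($input[$field], $filterId);
        if ($value !== false) {
            $clean[$field] = $value; // passed validation for its declared type
        }
    }
    return $clean; // keys absent from $definition never reach the result
}

// Constructed request data standing in for a real POST.
$_POST = [
    'id'       => '42',
    'email'    => 'user@example.com',
    'is_admin' => '1',          // not in the definition
    'tags'     => ['a', 'b'],   // not in the definition
];
$_REQUEST = $_POST; // simulates PHP filling $_REQUEST separately at request start

// Constructed definition of what the target page expects.
$definition = [
    'id'    => FILTER_VALIDATE_INT,
    'email' => FILTER_VALIDATE_EMAIL,
];

// The overwrite from the post, without the temporary variable.
$_POST = filter_against_definition($_POST, $definition);

var_dump(array_keys($_POST));            // keys that survived the filter
var_dump(isset($_REQUEST['is_admin']));  // whether $_REQUEST still carries a dropped key
```

Overwriting `$_POST` changes only that array, so legacy code that reads `$_REQUEST` or `php://input` still receives the original data unless those paths are filtered as well.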