Where to check query string values?
Posted: Fri Jan 21, 2011 3:38 am
In a recent project I thought about this issue: where to test the query string value? In this example the value retrieved from the query string looks like this:
page.php?id=5
The value of $_GET['id'] is tested before it is passed to the modifyInformation() function. If it is valid, the script continues processing. If 0 is returned, an error message is echoed to indicate that the value is not correct.
My question: Where is the best place to test for validity of a value (or values) retrieved from the query string? Obviously before the value is used to manipulate the database, but do you create something like my example, or do you do the checking in modifyInformation() or elsewhere?
Code:
if (checkValidId($_GET['id']) == 1) {
    // ----
    // 'btn' stands for the name of the form's submit button
    if (isset($_POST['btn'])) {
        // ----
        modifyInformation();
    }
    else {
        // ----
        displayForm();
    }
}
else {
    // ----
    echo 'Invalid id';
}
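One way to arrange the two checks the post asks about, as an added example that is not part of the original post: the query string value is validated at the page entry point, and modifyInformation() enforces an integer type and a bound parameter on its own. The body of checkValidId(), the items table, the $db and $title parameters and the sample inputs are all assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical body for checkValidId(); the post does not show one.
// Returns 1 for a plain positive decimal id, 0 for anything else.
function checkValidId($raw): int
{
    // page.php?id[]=5 turns $_GET['id'] into an array, and a missing
    // parameter arrives here as null, so reject non-strings first.
    if (!is_string($raw)) {
        return 0;
    }
    // 1 to 9 digits, no sign, no whitespace, no leading zero.
    return preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) === 1 ? 1 : 0;
}

// Second layer: the int type keeps unvalidated strings out even if another
// caller skips checkValidId(), and the bound parameter keeps the value out
// of the SQL text.
function modifyInformation(PDO $db, int $id, string $title): int
{
    $stmt = $db->prepare('UPDATE items SET title = :title WHERE id = :id');
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed table and inputs so the script runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO items (id, title) VALUES (5, 'old title')");

$samples = ['5', '5 OR 1=1', '-1', '05', '', null, ['5']];
foreach ($samples as $raw) {
    $shown = json_encode($raw);
    if (checkValidId($raw) == 1) {
        $rows = modifyInformation($db, (int) $raw, 'new title');
        echo "id=$shown accepted, rows updated: $rows\n";
    } else {
        echo "id=$shown Invalid id\n";
    }
}
```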