Using $_POST directly after validation against a white list
Posted: Sat Aug 07, 2010 11:28 pm
I'm always skeptical of using requests directly, but my naive self sees nothing wrong with the following.
I did have a switch block with six different cases, and called the respective methods manually, but the code above reduces the code density and repetition. However, I am concerned that using $_POST directly will have a hidden security risk. Is there anything wrong with this? If so, would there be a better way, other than the aforementioned?
Code:
    $actions = array("create", "edit", "_create", "update", "delete", "complete");
    if(in_array($_POST['action'], $actions))
        // Braces make PHP 7+ resolve $_POST['action'] before the method call
        $this->{$_POST['action']}();
    else
        $this->index();
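
An added example, not part of the original post: one way to write the same allow-list dispatch so that the method name is taken from a constant table rather than from the request, with missing and non-string input routed to `index()`. The class name `TaskController`, the `dispatch()` method and the stub action bodies are assumptions made for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added example. TaskController, dispatch() and the stub bodies are hypothetical.
class TaskController
{
    // External action name => internal method name.
    private const ACTIONS = [
        'create' => 'create', 'edit' => 'edit', '_create' => '_create',
        'update' => 'update', 'delete' => 'delete', 'complete' => 'complete',
    ];

    public function dispatch(array $post): string
    {
        $action = $post['action'] ?? null;
        // Missing key, or action[]=x (parsed by PHP as an array): fall back.
        if (!is_string($action) || !array_key_exists($action, self::ACTIONS)) {
            return $this->index();
        }
        // Method name comes from the constant table, not from the request.
        $method = self::ACTIONS[$action];
        return $this->{$method}();
    }

    public function index(): string    { return 'index'; }
    public function create(): string   { return 'create'; }
    public function edit(): string     { return 'edit'; }
    public function _create(): string  { return '_create'; }
    public function update(): string   { return 'update'; }
    public function delete(): string   { return 'delete'; }
    public function complete(): string { return 'complete'; }
}

// Constructed sample requests.
$samples = [
    ['action' => 'delete'],      // on the list
    ['action' => 'DELETE'],      // wrong case; PHP method names are case-insensitive
    ['action' => '__destruct'],  // magic-method name, not on the list
    ['action' => ['delete']],    // array instead of string
    [],                          // no action at all
];
$controller = new TaskController();
foreach ($samples as $post) {
    echo json_encode($post), ' -> ', $controller->dispatch($post), PHP_EOL;
}
```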