
Posted: Wed Sep 21, 2005 7:12 am
by Maugrim_The_Reaper
Only a possible suggestion.. On an online game for instance this could be useful. If someone tries things like passing illegal values you could cancel their account. If you notice my first recommendation was the home page.
Anyway, aren't we validating and filtering all this input? It's just as useful to define the expected GET/POST keys, and their types. Check actual data, filter out the undefined stuff, and then onto your script and its usual checks on the superglobals.

Not sure about cancelling. What if someone is posted a false URL (just to get them cancelled/banned)? Better the data is filtered then sanitised where needed. If it must be, plant a few log entries and notify a game admin by some method...
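
Added example, not part of the original post: one way to define the expected GET/POST keys and their types, drop the undefined ones, and log violations for an admin instead of banning. The schema, the key names and `filter_request()` are hypothetical; the sample request is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical schema for one game action: expected key => filter_var() rule.
const MOVE_SCHEMA = [
    'unit_id' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
    'x'       => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 99]],
    'y'       => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 99]],
    'order'   => ['filter' => FILTER_VALIDATE_REGEXP,
                  'options' => ['regexp' => '/\A(?:move|attack|hold)\z/']],
];

// Returns [clean values, problems]. Undefined keys are dropped and reported.
function filter_request(array $raw, array $schema): array
{
    $clean = [];
    $problems = [];
    foreach (array_keys(array_diff_key($raw, $schema)) as $key) {
        // json_encode() escapes control characters so the key name is safe to log.
        $problems[] = 'unexpected key '
            . json_encode((string) $key, JSON_INVALID_UTF8_SUBSTITUTE);
    }
    foreach ($schema as $key => $rule) {
        $value = $raw[$key] ?? null;
        // Superglobal values are strings, or arrays for names like x[]; reject the rest.
        if (!is_string($value)) {
            $problems[] = "missing or non-string value for $key";
            continue;
        }
        $checked = filter_var($value, $rule['filter'], ['options' => $rule['options']]);
        if ($checked === false) {
            $problems[] = "invalid value for $key";
            continue;
        }
        $clean[$key] = $checked; // typed value: int for the INT rules
    }
    return [$clean, $problems];
}

// Constructed sample standing in for $_GET: one out-of-range value, one undefined key.
$request = ['unit_id' => '7', 'x' => '500', 'y' => '3', 'order' => 'move', 'is_admin' => '1'];
[$clean, $problems] = filter_request($request, MOVE_SCHEMA);
foreach ($problems as $problem) {
    error_log("input check failed: $problem"); // record for an admin, no automatic ban
}
// $clean holds only the defined keys that passed; the script's usual checks run on it.
var_dump($clean);
```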