Posted: Wed Sep 21, 2005 7:12 am
Anyway, aren't we validating and filtering all this input? It's just as useful to define the expected GET/POST keys, and their types. Check actual data, filter out the undefined stuff, and then onto your script and its usual checks on the superglobals.
Only a possible suggestion.. On an online game for instance this could be useful. If someone tries things like passing illegal values you could cancel their account. If you notice my first recommendation was the home page.
Not sure about cancelling. What if someone is posted a false URL (just to get them cancelled/banned)? Better the data is filtered then sanitised where needed. If must be, plant a few log entries and notify a game admin by some method...
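
The approach discussed in this post, as an added example that is not part of the original post: declare the expected keys and their types, keep only values that validate, and log anything else for an admin instead of acting on the account. The key names, ranges, log format and the `filter_request` helper are hypothetical.

```php
<?php
// Added example. Key names, ranges and the log format are assumptions.
const EXPECTED = [
    'action'  => ['filter' => FILTER_VALIDATE_REGEXP,
                  'options' => ['regexp' => '/\A(move|attack|trade)\z/']],
    'unit_id' => ['filter' => FILTER_VALIDATE_INT,
                  'options' => ['min_range' => 1, 'max_range' => 100000]],
    'amount'  => ['filter' => FILTER_VALIDATE_INT,
                  'options' => ['min_range' => 0, 'max_range' => 999]],
];

// Returns [clean values, anomaly notes]. Keys absent from the request are
// simply absent from the clean array; the calling script decides what is required.
function filter_request(array $input, array $schema): array
{
    $clean = [];
    $anomalies = [];
    foreach ($schema as $key => $rule) {
        if (!array_key_exists($key, $input)) {
            continue;
        }
        // Arrays (e.g. amount[]=1) fail here too: a scalar is required by default.
        $value = filter_var($input[$key], $rule['filter'],
                            ['options' => $rule['options']]);
        if ($value === false) {          // strict check: a valid "0" becomes int 0
            $anomalies[] = "bad value for $key";
            continue;
        }
        $clean[$key] = $value;
    }
    foreach (array_keys(array_diff_key($input, $schema)) as $key) {
        // Log a sanitised, truncated key name only, never the raw value.
        $safe = preg_replace('/[^A-Za-z0-9_-]/', '?', substr((string) $key, 0, 32));
        $anomalies[] = "undefined key $safe";
    }
    return [$clean, $anomalies];
}

// Constructed sample request standing in for $_GET or $_POST.
$request = ['action' => 'move', 'unit_id' => '42 OR 1=1', 'amount' => '0', 'debug' => '1'];
[$clean, $anomalies] = filter_request($request, EXPECTED);

foreach ($anomalies as $note) {
    // Record for an admin to review; no automatic action against the account.
    error_log('input anomaly: ' . $note);
}
var_dump($clean);
```

The rest of the script reads only from `$clean`, so undefined or malformed parameters never reach it, and a request triggered by a planted link leaves a log entry rather than a ban.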