Which of the two is better? (page validation)

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Sequalit
Forum Commoner
Posts: 75
Joined: Wed Oct 12, 2005 9:57 pm
Location: Texas

Post by Sequalit »

What is better to use, the isset function or the in_array function? And why?

isset

Code:

// Allowed modules: module name => file to load
$moduleArray = array(
        'home'          => 'news.php',
        'news'          => 'news.php',
        'transactions'  => 'transactions.php',
        'login'         => 'login.php',
        );

// Unknown module names fall back to 'home'
if(!isset($moduleArray[$_POST['module']]))
               $myModule = $moduleArray['home'];
else
               $myModule = $moduleArray[$_POST['module']];

echo $myModule;
 
in_array

Code:

// Allowed module names; the file name is built from the name itself
$acceptableParams = array(
        'home',
        'news',
        'transactions',
        'login'
        );

// Unknown module names fall back to 'home'
if(!in_array($_POST['module'], $acceptableParams))
                $myModule = "home" . ".php";
else
                $myModule = $_POST['module'] . ".php";

echo $myModule;
 
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Re: Which of the two is better? (page validation)

Post by John Cartwright »

The performance difference in your case is negligible. So to answer your question, either is fine.

However, you still need to check that $_POST['module'] exists before using it. Personally, I'd do

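Code:

// $acceptableParams is the flat list of names from the in_array version;
// in_array() compares against values, not keys
if (isset($_POST['module']) && in_array($_POST['module'], $acceptableParams)) {
        // module name is allowed
}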
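
The checks discussed in this thread combined into one lookup function, as an added example that is not code from either poster: `resolveModule`, the `MODULES` constant and the sample requests are hypothetical, and PHP 7 or later is assumed. It also covers a request that sends `module[]=...`, where `$_POST['module']` arrives as an array rather than a string.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
// Allowed module names mapped to the files they load (table from the first post).
const MODULES = [
    'home'         => 'news.php',
    'news'         => 'news.php',
    'transactions' => 'transactions.php',
    'login'        => 'login.php',
];

/**
 * Resolve a request's module name to a file, falling back to 'home'.
 * $input is the raw request array (for example $_POST).
 */
function resolveModule(array $input, array $modules = MODULES): string
{
    // Missing parameter: no notice, just the default.
    $name = $input['module'] ?? null;

    // module[]=x arrives as an array, and an array is not a legal
    // array offset, so reject anything that is not a string first.
    if (!is_string($name)) {
        return $modules['home'];
    }

    // Key lookup: the file name comes from our own table, so nothing
    // supplied in the request ever becomes part of the file name.
    return $modules[$name] ?? $modules['home'];
}

// Constructed sample requests.
$samples = [
    'valid'   => ['module' => 'login'],
    'missing' => [],
    'unknown' => ['module' => 'no-such-module'],
    'array'   => ['module' => ['login']],
    'value'   => ['module' => 'news.php'],  // matches a value, not a key
];

foreach ($samples as $label => $request) {
    printf("%-8s => %s\n", $label, resolveModule($request));
}
```

Only the `valid` request resolves to `login.php`; every other sample falls back to `news.php`, the file mapped to `home`.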