Quote:
Originally Posted by sv1cec
Soup,
Thanks for the details, much appreciated. I have already been working on this since this morning, and I have globalized all the _GET or _POST variables. But I was not aware that you can use just $id instead of $_GET['id'].
So any variable entered in the globalize function can then be used with the part within the brackets; that's what I figured out from looking at the globalize code. Am I correct? And how do you differentiate if you have a _GET['do'] and a _POST['do']?
|
That is correct. It would be the same as writing
PHP Code:
$id = intval($_GET['id']);
The only way to check whether it is _POST or _GET would be to check with if statements which one of them is set; however, I don't think it is ever necessary to do so.
If you only want input from _GET, you use $_GET as the first parameter of globalize(), if you only want input from _POST you use $_POST. If you want input from both and don't care which one is used, you can use $_REQUEST.
Quote:
Originally Posted by sv1cec
Also, for STR variables, except from globalizing them (maybe using STR_NOHTML), is it also necessary to addslashes to them?
Again, thanks for the input, sincerely appreciated.
|
Yes. STR basically leaves the input untouched (besides calling trim()), and STR_NOHTML converts all HTML tags and double quotes (") into 'safe' equivalents; however, the 'dangerous' (in terms of SQL injection) single quotes (') are untouched. So if you are running a query, you will need to run addslashes() on it.
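As an added illustration of the STR / STR_NOHTML distinction described in this reply (example code written for this thread, not vBulletin's own globalize() implementation): the sanitize_input() helper, the TYPE_* constants, the $request array and the $db handle are all assumptions constructed for the demo.

```php
<?php
// Minimal stand-in that models the behaviour described above:
// INT casts, STR only trims, STR_NOHTML neutralises tags and double
// quotes but leaves single quotes alone, so a value headed into an
// SQL string still needs escaping (or, better, a bound parameter).
const TYPE_INT = 1;
const TYPE_STR = 2;
const TYPE_STR_NOHTML = 3;

// Hypothetical stand-in for globalize(): pulls named keys out of $source
// (pass $_GET, $_POST or $_REQUEST, as the reply explains).
function sanitize_input(array $source, array $spec): array
{
    $out = [];
    foreach ($spec as $name => $type) {
        $raw = $source[$name] ?? '';
        switch ($type) {
            case TYPE_INT:
                $out[$name] = intval($raw);
                break;
            case TYPE_STR:
                $out[$name] = trim((string) $raw);
                break;
            case TYPE_STR_NOHTML:
                // ENT_COMPAT converts < > & and " to entities but deliberately
                // leaves ' untouched, matching the behaviour described above.
                $out[$name] = htmlspecialchars(trim((string) $raw), ENT_COMPAT, 'UTF-8');
                break;
        }
    }
    return $out;
}

// Constructed request data standing in for $_REQUEST.
$request = ['id' => '42abc', 'title' => "  O'Reilly <b>\"book\"</b>  "];
$in = sanitize_input($request, ['id' => TYPE_INT, 'title' => TYPE_STR_NOHTML]);

// The single quote in the title survives STR_NOHTML, so concatenating it
// into a query still needs addslashes() as the reply says.
$sql = "INSERT INTO thread (title) VALUES ('" . addslashes($in['title']) . "')";
echo $sql, "\n";

// Safer alternative: keep the value out of the SQL text entirely with a
// bound parameter, so the quote question never arises ($db is an assumed
// mysqli connection).
function insert_title(mysqli $db, string $title): bool
{
    $stmt = $db->prepare('INSERT INTO thread (title) VALUES (?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $title);
    return $stmt->execute();
}
```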