Security Principles
Variable Checking
Where possible, scripts should check for every variable they need as early as possible and exit if any are missing. Exiting early keeps PHP warnings and fatal errors to a minimum.
New code must use one of these methods to access all variables passed to a page.
The param class contains 4 methods that can be used to check and clean variables passed to a page:
param::clean()
param::clean($value, $type)
Parameter | Type | Explanation |
---|---|---|
$value | mixed | The value that should be cleaned |
$type | int | The type that $value should be cleaned as. It should be passed as one of the param class constants, i.e. param::FLOAT |
The cleaned value will be returned, or null if it does not match the type passed.
param::clean_array()
param::clean_array($value, $type, $required)
Parameter | Type | Explanation |
---|---|---|
$value | array | The array that should be cleaned |
$type | int | The type that |
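The following is an added example, not the project's own param class, showing the two ideas above together: a minimal stand-in class whose clean() returns the typed value or null on mismatch, and a page handler that fetches and checks every needed variable up front and exits before doing any other work. The class name ExampleParam, its constants, the meaning given to $required, and the sample $_GET contents are all assumptions.

```php
<?php
// Added example: a minimal stand-in for a param-style cleaning class.
// It is NOT the project's own param class; names and constants are assumptions.
class ExampleParam
{
    const INT = 1;
    const FLOAT = 2;
    const ALPHANUM = 3;

    /**
     * Return $value coerced to $type, or null when it does not match.
     * Returning null (rather than a "best effort" value) lets the caller
     * exit early instead of continuing with half-valid input.
     */
    public static function clean($value, $type)
    {
        if ($value === null || is_array($value)) {
            return null; // scalars only; arrays belong in clean_array()
        }
        switch ($type) {
            case self::INT:
                $r = filter_var($value, FILTER_VALIDATE_INT);
                return $r === false ? null : $r;
            case self::FLOAT:
                $r = filter_var($value, FILTER_VALIDATE_FLOAT);
                return $r === false ? null : $r;
            case self::ALPHANUM:
                return preg_match('/^[A-Za-z0-9]+$/', (string) $value) ? (string) $value : null;
            default:
                return null; // unknown type: never pass input through unchecked
        }
    }

    /**
     * Clean every element of $value as $type. The $required semantics here are
     * an assumption: when true, the whole array is rejected (null) if any
     * element fails; when false, failing elements are simply dropped.
     */
    public static function clean_array($value, $type, $required = false)
    {
        if (!is_array($value)) {
            return null;
        }
        $out = [];
        foreach ($value as $k => $v) {
            $c = self::clean($v, $type);
            if ($c === null) {
                if ($required) {
                    return null;
                }
                continue;
            }
            $out[$k] = $c;
        }
        return $out;
    }
}

// Page handler: fetch and check all needed variables first, exit if any are missing.
// Constructed sample request standing in for a real $_GET (assumption).
$_GET = ['id' => '42', 'price' => '9.99', 'tags' => ['php', 'sec;ur']];

$id    = ExampleParam::clean($_GET['id'] ?? null, ExampleParam::INT);
$price = ExampleParam::clean($_GET['price'] ?? null, ExampleParam::FLOAT);
$tags  = ExampleParam::clean_array($_GET['tags'] ?? null, ExampleParam::ALPHANUM, false);

if ($id === null || $price === null || $tags === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('Missing or invalid parameters');
}
// Only reached when every required variable is present and well typed,
// so the rest of the page never touches raw request data.
var_dump($id, $price, $tags);
```

Checking with `=== null` matters: a cleaned value of `0` or `0.0` is legitimate input, and a loose `if (!$id)` test would wrongly reject it. The unknown-type branch returning null is the fail-closed choice; silently returning the raw value there would defeat the point of the cleaning layer.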