raslin

hello guys, i'm building mvc framework just for study, any way, i got this dilema, lets say the controller gets data, and i have to validate it, i have 2 classes (in the model folder) validation class send class in the conntroller i can do like that: <? $data = $_POST['data']; $valid = new validate; $data = $valid->validate($data); $send = new send; $send->sendit($data); ?> and the second option is calling the validate class from the send class like that <? class send{ var $valid; var $data function __donstruct($data){ $this->data = $data; $valid = new validate; } public function sendit(){ $this->valid->validate($this->date) return $data; } } ?> its of course not my MVC i just invented somethid for the demonstration of my architecture dilema. hope to get help, thanks alot!

wow, thanks alot! adding mysql_real_escape_string to every post and get in enough to secure data that works with mySql? thanks again!

i am using php 5 and this is the way i securing data: to be sure its an integer: $var = (int) $_POST["var"]; to work with any string: $var = htmlspecialchars($var, ENT_QUOTES); is this enough? do i need to add mysql_real_escape_string or the code above is enough for everything? thanks alot!