cunoodle2 Posted May 15, 2009

Do you null set all variables at the top of your page? I'm just trying to go over the top with my scripts as of recent to attempt to prevent any injections/bad things from happening. Is this overkill or good coding practice...

<?php
###################################
# NULL SET ALL VARIABLES #
###################################
$error = NULL;
$errornum = NULL;
$email = NULL;
$password = NULL;
$password2 = NULL;
$firstname = NULL;
$id = NULL;
$phone = NULL;

###################################
# GET PASSED IN VALUES #
###################################
//these will all be sent in via the form submitted by the user
$firstname = isSet($_POST['firstname']) ? $_POST['firstname'] : NULL;
$password = isSet($_POST['password']) ? $_POST['password'] : NULL;
$password2 = isSet($_POST['password2']) ? $_POST['password2'] : NULL;
$email = isSet($_POST['email']) ? $_POST['email'] : NULL;

###################################
# CLEAN DATA #
###################################
$firstname = Clean($firstname);
$password = Clean($password);
$password2 = Clean($password2);
$email = Clean($email);
$error = Clean($error);
$errornum = Clean($errornum);
?>

Cosizzle Posted May 15, 2009

Hmm, I would rather see that as opposed to random variables thrown all over the place. I suppose for something simple it's not needed, but I wouldn't call it 'bad practice'.

Ken2k7 Posted May 15, 2009

It's not like there's anything to Clean if the variable is null. The last two are unnecessary. But it's fine.

allworknoplay Posted May 15, 2009

Can you use isSet() like that? Are the functions case-sensitive? I thought it was always just: isset()

.josh Posted May 15, 2009

If someone did manage to inject values into your variables beforehand, your new value assignments will overwrite them, regardless of whether it's NULL or $_POST['variable'], so that's really unnecessary.

cringe Posted May 16, 2009

It's a great idea to always initialize all of your variables at the top of your script. If someone were to turn register globals on, you're more protected from "variable" injections.
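
The two positions in the thread (unconditional assignments overwrite anything seeded earlier; initialization protects when register globals is on) can be seen side by side in this added example, which is not code from any poster. It assumes `extract()` as a stand-in for register_globals, which was removed in PHP 5.4.0; the handler names and the request array are hypothetical and constructed for illustration.

```php
<?php
// Added example, not from the thread. register_globals no longer exists
// (removed in PHP 5.4.0), so extract() simulates its effect: request
// parameters become variables before the script's own code runs.

// Constructed request: one expected field plus an unexpected "error" field.
$request = ['email' => 'user@example.com', 'error' => 'text chosen by the client'];

// Hypothetical handler WITHOUT the "null set" block.
function handleWithoutInit(array $post): array
{
    extract($post); // simulated register_globals seeding local variables

    // Unconditional assignment: whatever was seeded into $email is overwritten,
    // so pre-setting $email to NULL would add nothing here.
    $email = isset($post['email']) ? $post['email'] : null;

    // $error is assigned only on failure, so on the success path a seeded
    // value survives and is later treated as the script's own data.
    if ($email === null) {
        $error = 'email is required';
    }

    return ['email' => $email, 'error' => isset($error) ? $error : null];
}

// The same handler WITH initialization of the conditionally assigned variable.
function handleWithInit(array $post): array
{
    extract($post); // same simulated seeding

    $error = null;  // explicit reset discards anything seeded from the request
    $email = isset($post['email']) ? $post['email'] : null;

    if ($email === null) {
        $error = 'email is required';
    }

    return ['email' => $email, 'error' => $error];
}

var_dump(handleWithoutInit($request));
var_dump(handleWithInit($request));
```

In the original post, `$error` and `$errornum` are the variables in this position: they are never assigned from `$_POST`, so the NULL block is the only thing that sets them before `Clean()` runs.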