Proper request_var format for input types

Discussion forum for MOD Writers regarding MOD Development.
Locked
User avatar
kateland
Registered User
Posts: 198
Joined: Wed Nov 22, 2006 7:08 pm
Location: Philadelphia, PA
Contact:

Proper request_var format for input types

Post by kateland »

I've read the CodeWiki and the blog post about request_var and understand that I want to be careful about how I request vars to prevent SQL injections.

I have multiple datatypes in a form: String, integers, and an mp3 (is that considered multibyte?)

What is the proper way to set up the below variables?

Code: Select all

// title of song
$song_1_title = utf8_normalize_nfc(request_var('song1title', '', true));
// mp3 file
$song_1_file = request_var('song1file', '', true);
// Allow downloads (0, 1)
$song_1_dl = request_var('song1dl', 0, true);
Thanks!
here's your love letter
you bloodletter
you disappointed every time
User avatar
tbackoff
Former Team Member
Posts: 7064
Joined: Thu Jun 04, 2009 1:41 am
Location: cheerleading practice
Name: Tabitha Backoff

Re: Proper request_var format for input types

Post by tbackoff »

kateland wrote:

Code: Select all

// title of song
$song_1_title = utf8_normalize_nfc(request_var('song1title', '', true));
// mp3 file
$song_1_file = request_var('song1file', '', true);
// Allow downloads (0, 1)
$song_1_dl = request_var('song1dl', 0, true);
Since you are expecting only expecting integers for song1dl, you dont need the , true part for request_var. Other than that, I don't see a problem.
Flying is the second best thrill to cheerleaders; being caught is the first.
User avatar
kateland
Registered User
Posts: 198
Joined: Wed Nov 22, 2006 7:08 pm
Location: Philadelphia, PA
Contact:

Re: Proper request_var format for input types

Post by kateland »

Thank you! I was confused on whether multimedia files (pics, sound files) would be string or integer...Looks like you're saying string?
here's your love letter
you bloodletter
you disappointed every time
Locked

Return to “[3.0.x] MOD Writers Discussion”