Got a simple function inside class that initializes message variable, setting POST value to it. Is there any point of setting it since $_POST will be available anywhere in the class anyway..? Does this raises any security concerns?
function set_posted_data(){
$this->message = $_POST["message"];
}
分享 I would do this slightly different. Regrettably I have no idea what your class looks like, so I have to make some guesses. First of all I would always start with a general function:
public function setMessage($message) {
$this->message = $message;
}
So you can still use the class, even when the message isn't posted. Now normally I would set the posted value like this:
myclass.setMessage($_POST["message"]);
So, I wouldn't be using superglobals in the class at all. I would normally surround this with some checks, so only valid messages are accepted. Here's where I run into problems: I have no idea what to do here, because I don't know anything about your code. But checking the length could be useful, and maybe HTML code is not allowed, etc. General checks can be incorporated in the class, for instance, no HTML:
public function setMessage($message) {
$this->message = strip_tags($message);
}
I would process all the posted parameters, and do all specific checks, more-or-less together. That makes it easier to check if the code is secure.
分享
