Validating contents of $_GET
Posted on 2013-01-23
I am looking for a way to validate the contents of $_GET and/or $_POST, something along the lines of PHP is_uploaded_file() works. Here is the specific scenario.
Two programmers are working on different classes as part of a larger web site. The "bad" programmer intends to sabotage the project by changing the request variable with something like this, before handing off control to the class coded by the good programmer.
$_GET['username'] = 'Evil';
Since $_GET is mutable and present in every class and namespace, this risk exists. Is there a way to verify the original request variable, other than to trust $_GET?
Thanks to all, ~Ray