tags:

views:

184

answers:

2
+2  Q: 

Kohana input & validation libraries - overlap?

I'm familiarizing myself with Kohana. I've been reading up on the Input library, which automatically pre-filters GET and POST data for me, and the Validation libary, which helps with form filtering and validation.

Should I use both together? The examples given in the Validation library documentation use the unfiltered $_POST array instead of $this->input->post(). Seems to me it would be more secure to chain the two, but the two sets of documentation seem to make no mention of each other, so I don't know if this would be redundant or not.

A: 

The $_POST, $_GET, and $_COOKIE globals are pre-sanitized if global XSS filtering is turned on (it's on by default). That's one of the reasons why your code extends the Kohana classes, so that housekeeping stuff like input sanitization is taken care of for you. They encourage use of the input library methods, though, so there's no reason not to use them. They may just use $_POST in the validation examples because they want to explain the different libraries independent of one another.

Their code to instantiate a validation class should be:

$post = new Validation( $this->input->post() );

And yes, by all means use them together! It's all meant to fit together nicely.

cowbellemoo  2010-04-13 18:23:29
I do not recommend using Global XSS filtering; I personally prefer to use $_POST over $this->input->post() in tandem with the Validation library because validation is intended to determine whether that input is valid or not :) So, there is no need to go the extra step. `$validation = new Validation($_POST);` Works perfectly well.
Ixmatus  2010-04-19 16:37:07
A: 

Yes, use both of them together.

Utah_Dave  2010-04-13 22:42:00

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases