I would like to know your opinion about the "best" place to sanitize user input.
My primary work is to develop Joomla! components that process user input (e.g. search strings, form fields... and so on).
To have an idea, I had a look at the Joomla's search component. Checking input is performed in the component's controller class:
Code:
...
function search()
{
// slashes cause errors, <> get stripped anyway later on. # causes problems.
$badchars = array('#', '>', '<', '\\');
$searchword = trim(str_replace($badchars, '', JRequest::getString('searchword', null, 'post')));
// if searchword enclosed in double quotes, strip quotes and do exact match
if (substr($searchword, 0, 1) == '"' && substr($searchword, -1) == '"') {
$post['searchword'] = substr($searchword, 1, -1);
JRequest::setVar('searchphrase', 'exact');
....
I would be glad to know about your opinion or experience on the "best" place to sanitize user input.
Thanks in advance.
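As an added illustration (not code from the post above or from Joomla itself), the following plain-PHP sketch takes the same search() logic and splits the work across the three places a search string is actually at risk: normalisation at the request boundary, parameter binding at the SQL sink, and HTML escaping at the point of output. The function names, the PDO/SQLite setup and the sample rows are assumptions made for the example; the `$badchars` list and the "exact phrase" rule are the ones from the quoted snippet.

```php
<?php
// Added example, not Joomla code: the same search handling split so that each
// layer deals only with the risk it owns. All names below are hypothetical.

// 1. Boundary (controller): normalise the raw request value and apply the
//    component's own rules, i.e. drop the characters the quoted snippet treats
//    as problematic and detect a double-quoted "exact" phrase.
function normalise_searchword(string $raw): array
{
    $badchars = ['#', '>', '<', '\\'];
    $word = trim(str_replace($badchars, '', $raw));
    $mode = 'any';
    if (strlen($word) >= 2 && $word[0] === '"' && substr($word, -1) === '"') {
        $word = substr($word, 1, -1);
        $mode = 'exact';
    }
    return ['searchword' => $word, 'searchphrase' => $mode];
}

// 2. Sink (model): the string is never concatenated into SQL. It is bound as a
//    parameter, so the driver, not character stripping, prevents injection.
//    LIKE wildcards are a separate concern from injection, so they are escaped
//    explicitly; otherwise "%" in the search word would match every row.
function find_articles(PDO $db, string $word, string $mode): array
{
    $escaped = addcslashes($word, '%_\\');            // neutralise LIKE metacharacters
    $pattern = $mode === 'exact' ? $escaped : '%' . $escaped . '%';
    $stmt = $db->prepare(
        "SELECT id, title FROM content WHERE title LIKE :pattern ESCAPE '\\'"
    );
    $stmt->execute([':pattern' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Output (view): escape at the point of rendering, because the same value is
//    echoed back into HTML and the stored titles are untrusted too.
function render_results(string $word, array $rows): string
{
    $html = '<p>Results for ' . htmlspecialchars($word, ENT_QUOTES, 'UTF-8') . '</p><ul>';
    foreach ($rows as $row) {
        $html .= '<li>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '</li>';
    }
    return $html . '</ul>';
}

// Usage with an in-memory SQLite database and constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO content (title) VALUES ('Joomla search tips'), ('Other article')");

// A constructed request value stands in for JRequest::getString('searchword', null, 'post').
$input = normalise_searchword($_POST['searchword'] ?? '"Joomla search tips"');
$rows  = find_articles($db, $input['searchword'], $input['searchphrase']);
echo render_results($input['searchword'], $rows);
```

The point of the split is that the controller-level character stripping in the quoted snippet only addresses what breaks the search itself; it is not what keeps the query or the page safe. Binding the value at the SQL sink and escaping it at the HTML sink makes those two protections independent of whatever the controller did or forgot to do upstream.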