Your opinion: "best" place to sanitize user input.

For Joomla! 2.5 Coding related discussions, please use: http://groups.google.com/group/joomla-dev-general
Note: All 1.6, 1.7 and 3.5 releases have reached end of life and should be updated to 3.x.

Moderator: ooffick

fade2black
Joomla! Apprentice
Posts: 6
Joined: Tue Nov 20, 2012 5:48 am

Post by fade2black » Sat Dec 08, 2012 8:53 pm

Hello guys,
I would like to know your opinion about the "best" place to sanitize user input.
My primary work is to develop Joomla! components that process user input (e.g. search strings, form fields... and so on).
To get an idea, I had a look at Joomla's search component. Input checking is performed in the component's controller class:

...
function search()
	{
		// slashes cause errors, <> get stripped anyway later on. # causes problems.
		$badchars = array('#', '>', '<', '\\');
		$searchword = trim(str_replace($badchars, '', JRequest::getString('searchword', null, 'post')));
		// if searchword enclosed in double quotes, strip quotes and do exact match
		if (substr($searchword, 0, 1) == '"' && substr($searchword, -1) == '"') {
			$post['searchword'] = substr($searchword, 1, -1);
			JRequest::setVar('searchphrase', 'exact');
....
However, in all my source code I perform user input validation in model classes just before I build SQL queries.
I would be glad to know your opinion or experience on the "best" place to sanitize user input.
Thanks in advance.
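
The two places the post contrasts, shown together as an added example that is not part of the original post or of Joomla's code: the controller step repeats the character filter quoted above, and the model step binds the value when the query is built. It assumes plain PHP with PDO and an in-memory SQLite database in place of Joomla's database layer; the function names, table and sample rows are hypothetical.

```php
<?php
// Added illustration. clean_searchword(), find_articles() and the articles table are hypothetical.

// Controller layer: normalise the request value the way the quoted search() does.
function clean_searchword(string $raw): array
{
    $badchars = array('#', '>', '<', '\\');
    $word = trim(str_replace($badchars, '', $raw));
    $phrase = 'any';
    // Enclosed in double quotes: strip the quotes and ask for an exact match.
    if (strlen($word) >= 2 && $word[0] === '"' && substr($word, -1) === '"') {
        $word = substr($word, 1, -1);
        $phrase = 'exact';
    }
    return array($word, $phrase);
}

// Model layer: the value reaches SQL only as a bound parameter, whatever the controller did.
function find_articles(PDO $db, string $word, string $phrase): array
{
    if ($phrase === 'exact') {
        $stmt = $db->prepare('SELECT title FROM articles WHERE title = :w');
        $stmt->execute(array(':w' => $word));
    } else {
        // Escape LIKE metacharacters so % and _ in the input match literally.
        $like = '%' . strtr($word, array('\\' => '\\\\', '%' => '\\%', '_' => '\\_')) . '%';
        $stmt = $db->prepare("SELECT title FROM articles WHERE title LIKE :w ESCAPE '\\'");
        $stmt->execute(array(':w' => $like));
    }
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (title TEXT)');
$ins = $db->prepare('INSERT INTO articles (title) VALUES (?)');
foreach (array("O'Brien's guide", '100% uptime', 'Uptime report') as $t) {
    $ins->execute(array($t));
}

// Constructed inputs: the apostrophe passes the character filter unchanged; % is a LIKE wildcard.
foreach (array("  O'Brien#  ", '"100% uptime"', '100%') as $raw) {
    list($word, $phrase) = clean_searchword($raw);
    printf("%-16s %-5s %s\n", $raw, $phrase, json_encode(find_articles($db, $word, $phrase)));
}
```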
