Should the function or the caller be resonsible for input validation?
Posted
by haudenschilt
on Stack Overflow
See other posts from Stack Overflow
or by haudenschilt
Published on 2010-06-07T19:50:32Z
Indexed on
2010/06/07
20:02 UTC
Read the original article
Hit count: 141
I'm doing a security audit on a fairly large php application and was wondering where I should include my user-input validation.
Should I validate the data, then send the clean data off to the back-end functions or should I rely on each function to do it's own validation? Or even both?
Is there any standard or best-practice for this sort of thing?
Currently the app does both inconsistently and I'll like to make things more consistent.
© Stack Overflow or respective owner