Should the function or the caller be resonsible for input validation?

Posted by haudenschilt on Stack Overflow See other posts from Stack Overflow or by haudenschilt
Published on 2010-06-07T19:50:32Z Indexed on 2010/06/07 20:02 UTC
Read the original article Hit count: 141

I'm doing a security audit on a fairly large php application and was wondering where I should include my user-input validation.

Should I validate the data, then send the clean data off to the back-end functions or should I rely on each function to do it's own validation? Or even both?

Is there any standard or best-practice for this sort of thing?

Currently the app does both inconsistently and I'll like to make things more consistent.

© Stack Overflow or respective owner

Related posts about php

Related posts about best-practices