How to properly validate Http requests in php?

A

Alexander2016-08-07 17:51:45

PHP

Alexander, 2016-08-07 17:51:45

I don't want to learn how to write shit code, so I want to learn how to properly validate php requests.
The first thing that came to mind (the code in the controller):

//В начале контролера прописывается правило, которое описывает какие данные нужно ожидать и в каком виде (integer string...)
//Длинное название, лишь чтоб вы поняли что она делает. Остальные переменные не попадут в контейнер
Client::waitRequestByRule( 
 'POST' => array('somefield' => 'rules'),
 'GET'  => array('somefield' => 'rules')
); //При успешной проверке, из данных переменных будет создан контейнер
//Проверка. Получен ли запрос, соответствующий правилам
if(Cliend::requestValid()) {
$data = Client::getRequestContainer() // Получение контейнера валидированых данных
}

The second option is to form a common data array from $_FILES,_POST,_GET,_COOKIE
And when processing this data, validate it, giving the user errors if any.

$data = Client::request();
$somefield = $data['GET']['somefield'];
if(Data::validate($somefield, 'rule')) return true;

Which is more correct. And how bad is the first option?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexey Skobkin, 2016-08-07
@websiteserf

From your code, it seemed to me that you were mixing request processing with responses, routing and data validation.
In general, $_COOKIE, $_POST and $_GET already form $_REQUEST . But that's not a good idea, really.
A better request handling solution would be something like PSR-7 or Symfony HttpFoundation .
For validation and routing, again, you can look at examples from Symfony: Routing , Validator .
True, judging by your code, you meant routing by validation.