Have an account? Sign in
Login  Register  Facebook
Which approach is better for security?
I get input from user through a form and then process.
For example,
Method 1:
if $_POST['submit']{
$title = $_POST['title'];
$message = $_POST['message'];

send_message($title, $message);
}
Now
function send_message($title, $message){
$t= secure($title);
$m = secure($message);

---
--
}

Method 2:
if $_POST['submit']{

$title = secure($_POST['title']);
$message = secure($_POST['message']);

send_message($title, $message);
}

function send_message($title, $message){
//no need to secure input here as i already did before passing to this function.
}


Please note that in method 1 i did not secure the input, i sent the input as the user submitted it. I will secure it in the send_message function before i insert to database.
in Method 2, I first of all secured input and then passed to the function.

So my question is that, is there any security risk by passing the inputs in a function as above?

Should i secure the inputs before i call the send_message function?
Which of the method is more secure?
Started: September 18, 2011 Latest Activity: September 18, 2011 mysql security
1 Answer
its the same my friend because in the two cases you secure it before the real send

Posted: MacOS
In: September 18, 2011

Your Answer

xDo you want to answer this question? Please login or create an account to post your answer