Software Development

Cleaning input enough?

Input validation is a known issue, but writing some PHP code today led me to write the following, and I'm wondering if I forgot something. It is only to make sure that no uncleansed variable will enter a switch statement, for example.

    if (isset($_POST['action']))
        // Strip every allowed character; anything left over is disallowed.
        if (strlen(preg_replace("/[a-zA-Z0-9-]/i", "", $_POST['action'])) == 0)
            $page_action = $_POST['action'];
        else
            $page_action = '';
    else
        $page_action = '';

    switch […]
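
An added example, not the post's own code: the same `action` check written as a type check, an anchored character match and an explicit allowlist, which covers cases a character filter alone does not (array input, a trailing newline, well-formed but unknown names). The action names and the 32-character limit are assumptions, and the `mixed` type needs PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical action names; the original post does not list its switch cases.
const ALLOWED_ACTIONS = ['list', 'edit', 'delete-item'];

/**
 * Return a safe action name, or '' when the value is missing or not acceptable.
 */
function clean_action(mixed $raw, array $allowed = ALLOWED_ACTIONS): string
{
    // A request sent as action[]=x arrives as an array; string functions must never see it.
    if (!is_string($raw)) {
        return '';
    }
    // \A and \z anchor the whole string; a plain $ would also accept "edit\n".
    if (preg_match('/\A[a-zA-Z0-9-]{1,32}\z/', $raw) !== 1) {
        return '';
    }
    // The character check limits the shape; the allowlist limits the meaning.
    return in_array($raw, $allowed, true) ? $raw : '';
}

// Constructed sample inputs standing in for $_POST['action'].
$samples = [
    'edit',
    'delete-item',
    "edit\n",
    'edit; drop',
    '../admin',
    ['edit'],
    null,
    'unknown',
];

foreach ($samples as $raw) {
    $page_action = clean_action($raw);
    printf("%-22s => '%s'\n", json_encode($raw), $page_action);
}
```

Only `edit` and `delete-item` come back unchanged; every other sample yields the empty string, so the switch falls through to its default branch.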