How raw is getRaw?

Nick Ramsay

Jun 20, 2009, 3:04:16 PM
to inspekt
Hi all, a newbie question for you:

Does getRaw provide basic sanitation, or does it really return the
rawest of raw input?

Thank you!

funkatron

Jun 20, 2009, 3:53:02 PM
to inspekt
getRaw() provides *no* sanitation. It is the exact value as retrieved
from the superglobal.

--
Ed Finkler
http://funkatron.com
Twitter:@funkatron
AIM: funka7ron
ICQ: 3922133
XMPP:funk...@gmail.com

Nick Ramsay

Jun 20, 2009, 11:20:34 PM
to inspekt
Okay. In that case, which filter would be most appropriate if the
input contains a hyphen or underscore such as in the case of a user
name, e.g. my_name or my-name?

I'm guessing noTags?

Many thanks,
Nick.

On Jun 21, 4:53 am, funkatron <funkat...@gmail.com> wrote:
> getRaw() provides *no* sanitation. It is the exact value as retrieved
> from the superglobal.
>
> --
> Ed Finkler
> http://funkatron.com
> Twitter:@funkatron
> AIM: funka7ron
> ICQ: 3922133
> XMPP:funkat...@gmail.com

Ed Finkler

Jun 30, 2009, 9:27:44 AM
to ins...@googlegroups.com
That would work, but I wonder if it would be appropriate to have a
filter which handles alnum plus '-' and '_'. That's a pretty common
username convention.

--
Ed Finkler
http://funkatron.com
Twitter:@funkatron
AIM: funka7ron
ICQ: 3922133
XMPP:funk...@gmail.com

Matt McKeon

Jun 30, 2009, 9:53:29 AM
to ins...@googlegroups.com
What if the filtering functions allowed for a 2nd array argument where
you could specify additional characters to allow for that operation?
Sometimes I might want a username to allow a period and others not for
instance.

Something like that would be more accommodating than a predefined check
that would require me to hack in a new regex for a project.

Just a thought,
Matt

Ed Finkler

Jun 30, 2009, 10:00:52 AM
to ins...@googlegroups.com
Yeah, that might be a possibility too. Not sure if I want to do that
on all of them, but maybe an "isUsername" tester that takes a second
arg. Maybe. That could complicate use by the cage objects, though.

--
Ed Finkler
http://funkatron.com
Twitter:@funkatron
AIM: funka7ron
ICQ: 3922133
XMPP:funk...@gmail.com


Nick Ramsay

Jun 30, 2009, 10:17:00 AM
to inspekt
After posting my earlier question, I went on to use a testRegex which
has worked fine, but does seem like overkill. I like the idea of a 2nd
array argument, but would be tempted to give the tester a more generic
name like "isName" since it would be useful for other kinds of names
and labels, too.

Thanks for considering this.
Nick.

On Jun 30, 11:00 pm, Ed Finkler <funkat...@gmail.com> wrote:
> Yeah, that might be a possibility too. Not sure if I want to do that
> on all of them, but maybe an "isUsername" tester that takes a second
> arg. Maybe. That could complicate use by the cage objects, though.
>
> --
> Ed Finkler
> http://funkatron.com
> Twitter:@funkatron
> AIM: funka7ron
> ICQ: 3922133
> XMPP:funkat...@gmail.com
>
> On Tue, Jun 30, 2009 at 9:53 AM, Matt McKeon<m...@mmckeon.com> wrote:
>
> > What if the filtering functions allowed for a 2nd array argument where
> > you could specify additional characters to allow for that operation?
> > Sometimes I might want a username to allow a period and others not for
> > instance.
>
> > Something like that would be more accommodating than a predefined check
> > that would require me to hack in a new regex for a project.
>
> > Just a thought,
> > Matt
>
> > Ed Finkler wrote:
> >> That would work, but I wonder if it would be appropriate to have a
> >> filter which handles alnum plus '-' and '_'. That's a pretty common
> >> username convention.
>
> >> --
> >> Ed Finkler
> >> http://funkatron.com
> >> Twitter:@funkatron
> >> AIM: funka7ron
> >> ICQ: 3922133
> >> XMPP:funkat...@gmail.com
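
The tester discussed in this thread (alphanumerics plus '-' and '_', with an optional second array argument for extra allowed characters), as an added example that is not part of the original posts and is not Inspekt code. The name `isName` comes from the discussion; its signature and behaviour here are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical tester (not part of Inspekt): ASCII letters and digits,
 * plus '-' and '_', plus any caller-supplied extra characters.
 */
function isName($value, array $extraChars = []): bool
{
    // Superglobal entries can be arrays (e.g. ?user[]=x); accept strings only.
    if (!is_string($value)) {
        return false;
    }

    $class = 'A-Za-z0-9_\-';
    foreach ($extraChars as $ch) {
        // Each extra must be exactly one byte, so a caller cannot pass
        // a range or a multi-character sequence by mistake.
        if (!is_string($ch) || strlen($ch) !== 1) {
            throw new InvalidArgumentException('extra characters must be single bytes');
        }
        // preg_quote() escapes ']', '^', '\' and '-' so each one stays
        // literal inside the character class.
        $class .= preg_quote($ch, '/');
    }

    // \A and \z anchor to the true start and end of the string. A plain '$'
    // also matches just before a trailing newline, so "my_name\n" would pass.
    return preg_match('/\A[' . $class . ']+\z/', $value) === 1;
}

// Constructed sample inputs, checked with and without '.' allowed.
$samples = ['my_name', 'my-name', 'first.last', "my_name\n", '<b>nick</b>', ['x']];
foreach ($samples as $s) {
    printf(
        "%-14s default=%-5s with-period=%s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        var_export(isName($s), true),
        var_export(isName($s, ['.']), true)
    );
}
```

Because this is a tester rather than a filter, rejected input is refused outright instead of being rewritten into something that passes.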