So apparently there are a lot of security risks in using our traditional $_GET['item'] within our custom-developed modules / extensions. I for one am guilty of using a lot of GETs simply because they’re easy and pretty straightforward. So in order to dispel the ‘risk’ and combat some known exploits, we’re advised to use the JRequest class.
And we use it like so:
WRONG:
$category = $_GET['category'];
RIGHT:
$category = JRequest::getInt('categoryid'); //integer
$category = JRequest::getVar('category'); //mixed variable
$category = JRequest::getString('categoryname'); //string variable
How simple is that?? That small change in your extensions and modules will save you headaches from exploitable vulnerabilities in your custom development.
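To show the typed getters in context, here is an added example (not code from the original post) of a module reading its parameters with JRequest and then using them in a query and in output. It assumes a Joomla release that ships JRequest; the table `#__example_items`, its columns and the `order` parameter are hypothetical.

```php
<?php
// Added example. Assumes a Joomla release that ships JRequest; the table
// #__example_items, its columns and the 'order' parameter are hypothetical.
defined('_JEXEC') or die('Restricted access');

// Typed reads limited to the query string ('get'), each with a safe default.
$categoryId   = JRequest::getInt('categoryid', 0, 'get');       // integer
$categoryName = JRequest::getString('categoryname', '', 'get'); // string
$order        = JRequest::getWord('order', 'title', 'get');     // letters and _

// A typed value can still be out of range: reject ids that cannot exist.
if ($categoryId < 1) {
    echo '<p>No category selected.</p>';
    return;
}

// Identifiers cannot be quoted as values, so map them through an allow-list.
$allowedOrder = array('title', 'created');
if (!in_array($order, $allowedOrder, true)) {
    $order = 'title';
}

$db = JFactory::getDBO();
$db->setQuery(
    'SELECT id, title FROM #__example_items'
    . ' WHERE catid = ' . (int) $categoryId
    . ' ORDER BY ' . $order,
    0,
    20 // offset 0, at most 20 rows
);
$items = $db->loadObjectList();
if (!is_array($items)) {
    $items = array(); // query failed or returned nothing usable
}

// Escape at output time, whatever filtering happened on input.
echo '<h3>' . htmlspecialchars($categoryName, ENT_QUOTES, 'UTF-8') . '</h3>';
echo '<ul>';
foreach ($items as $item) {
    echo '<li>' . htmlspecialchars($item->title, ENT_QUOTES, 'UTF-8') . '</li>';
}
echo '</ul>';
```

Typed input handles the "what did the request contain" half; the range check, the allow-list for the ORDER BY column and the output escaping cover what a type alone cannot.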
Happy coding; the proper way this time!!


