Input validation/sanitization - sub-entities

Thank you for reading my question. It is related to a login system, where the user submits a form to 'login.php' with data.

I have a 'functions.php' file with all my functions in it. I also have a 'login.php' file that includes 'functions.php' and uses its functions.

I want to test the data transmitted by a form to 'login.php'.

Is it best practice to validate/sanitize the parameters inside the functions of 'functions.php', or is it better to do so before passing the parameters to the function, in the 'login.php' file?

I read that you have to validate/sanitize data on every context change. Would the data passing from 'login.php' to 'functions.php' by parameters actually be a context change? Do I have to sanitize/validate in both files?

It's better to validate/sanitize the parameters inside the functions of 'functions.php', so you don't need to sanitize them again in other parts of your code each time you call your functions in functions.php.

For example, take a scenario where you have 10 different forms. Instead of sanitizing the data 10 times before passing it to the function as a parameter, it's better if you sanitize it once, and that will occur in your function.
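
As an added illustration (not code from the question or the answer), the sketch below shows the arrangement the answer describes: the checks live inside a function in a hypothetical functions.php, and a hypothetical login.php only passes the form through. The function names, the username policy, the `users` table and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for the example.

```php
<?php
// functions.php (hypothetical): validate once, inside the function, for every caller.
function validate_credentials(array $input): array
{
    $username = $input['username'] ?? null;
    $password = $input['password'] ?? null;
    // Reject missing fields and arrays (e.g. username[]=x).
    if (!is_string($username) || !is_string($password)) {
        throw new InvalidArgumentException('Missing or malformed field');
    }
    // Assumed policy: 3-32 characters, letters, digits, underscore.
    if (preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $username) !== 1) {
        throw new InvalidArgumentException('Invalid username');
    }
    // Passwords are only length-checked, never altered.
    if ($password === '' || strlen($password) > 1024) {
        throw new InvalidArgumentException('Invalid password');
    }
    return [$username, $password];
}

function login_user(PDO $db, array $input): bool
{
    [$username, $password] = validate_credentials($input);
    // SQL context: bound parameter instead of string escaping.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// login.php (hypothetical caller); constructed arrays stand in for $_POST.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$forms = [
    ['username' => 'alice', 'password' => 'correct horse'],
    ['username' => "al'ice", 'password' => 'x'],
    ['username' => ['alice'], 'password' => 'x'],
];
foreach ($forms as $form) {
    try {
        echo login_user($db, $form) ? "login ok\n" : "login failed\n";
    } catch (InvalidArgumentException $e) {
        // HTML context: escape anything echoed back to the page.
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```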