Before I begin, please, allow me to introduce myself as a fan of the Object Oriented Programming (OOP). When PHP announced the release of the PHP5, I was keen on moving into PHP5 as soon as I realized all the benefits that it provides. It seems a bit awkward for a PHP developer also to be an OOP fan. Someone could easily tell me, “why bother with PHP and not programming with a full OOP language, such as Java or .NET Framework etc”. The answer might be obvious , to people who knows me well. I just like PHP!
But let’s cut to the chase, a few days ago I was checking some old projects, from the pre-MVC era, that were developed without the use of a sophisticated MVC Framework, such as Zend Framework, CakePHP, Codeigniter etc, which are providing a plethora of libraries that makes your life much easier. So, I had a revelation that I would like to share with you.
In such a project, I noticed that there was no checking for cross-site scripting attacks (XSS), making those sites vulnerable to malicious attackers. I had to figure out a solution without having to add a “check”, using a proper function, every time a posted variable was retrieved.
