I’m wanting advice as to the proper way to handle function arguments. With a controller action such as
    public function actionPrintInvoice($id = false)
    {
        if (!$id) {
            throw new NotFoundHttpException(Yii::t('app', 'Invalid Request.'));
        }
        $id = HtmlPurifier::process($id);
        $modelInvoice = $this->findModel($id);
        $modelInvoiceItems = $modelInvoice->invoiceItems;
        return $this->render('print', [
            'modelInvoice' => $modelInvoice,
            'modelInvoiceItems' => (empty($modelInvoiceItems)) ? [new InvoicesItems] : $modelInvoiceItems,
        ]);
    }
Is using HTMLPurifier the proper route? Is simply using PHP’s is_numeric() too ‘weak’ from a security standpoint? Just looking for a Best Practice approach that I can universally implement to try and minimize issues.
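
An added example, not part of the original post: a framework-free comparison of `is_numeric()` with a strict positive-integer check over constructed inputs, showing which values each one lets through for an `$id` argument. The helper name `parseInvoiceId()` and the sample values are assumptions made for illustration, and the code needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the post): accept only a positive decimal
 * integer and return it as int, or null when the raw value is anything else.
 */
function parseInvoiceId(mixed $raw): ?int
{
    // Arrays (?id[]=1), null, booleans and floats are rejected outright.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    // Digits only: no sign, whitespace, exponent, markup or leading zero.
    if (preg_match('/\A[1-9][0-9]*\z/', (string) $raw) !== 1) {
        return null;
    }
    // Range check: values that do not fit in a PHP int come back as false.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample inputs, as they could arrive in a query string.
$samples = [
    '42', '1e3', '1.5', ' 42', '-7', '0', '42abc', '<b>42</b>',
    '99999999999999999999', ['42'],
];

foreach ($samples as $raw) {
    printf(
        "%-26s is_numeric=%-5s parseInvoiceId=%s\n",
        json_encode($raw, JSON_UNESCAPED_SLASHES),
        var_export(is_numeric($raw), true),
        var_export(parseInvoiceId($raw), true)
    );
}
```

In an action like the one above, a `null` result would take the same `NotFoundHttpException` branch, and the returned int is what would be passed on to `findModel()`.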