Is there a reason why we don't do the if(empty()) check inside of makeSafe()?
as in put the if(empty()) inside of the function itself, or pass if( empty (makeSafe( $_REQUEST['appId'] ) ) ) when we assign it?
the reason I didn't put it in the makeSafe function was because we were testing to see if the variable was isset or empty and determining on the point of the application the result was either set to "" or 0, you could do it inside of the makeSafe() function but returning "" may not always be the desired results.
you could call the empty() test while you were assigning it, I just always start out assigning all of the user input variables I'm going to use at the top of the page by passing them through makeSafe.
function makeSafe( $var ) { $var = trim( addslashes( $var ) ); return $var; }
$clean['var1'] = makeSafe( $_REQUEST['var1'] ); $clean['var2'] = makeSafe( $_REQUEST['var2'] );
then any subsequent test called upon the variables are ensured to be clean.
if your desired output of makeSafe is to be "" if its empty then you could put the empty() test inside of makeSafe, but further down in the app we were testing for empty and returning 0.