How would You set up the logic: do we need double check?

Address bar GET the settings for the selected mission, now:
public function missionAction()
{
 // Put HERE now the POST processing for this mission and to check the availability of the mission on the basis of already POST data?
 try {
 $this->mObj->checkMission(); // checked the availability of mission GET the parameters
 } catch (DomainException $e) {
 $this->alertRedirect('danger', $e->getMessage(), "/operation-{$this->mObj->oid}/missions"); // redirect to the list of available missions, if you select the GET options are not available
}
 // Or to put the processing of the data POST HERE and you can use them to work with databases, since the availability of the mission has already been tested on the basis of the GET data?
$this->setSite('Mission');
 $site = $this->site;
 $user = $this->mObj->user;
 $mission = $this->mObj->mission;
 $this->setVars(compact('site', 'user', 'mission'));
}

In the code comments actually questions.

Clarification: at the time of sending the POST we are already in missionAction (/mission-2 for example) that is checked on GET worked when you go to the page, you now need to send a POST on it
April 4th 20 at 13:24
2 answers
April 4th 20 at 13:26
Solution
There is a rule, always check that comes from the user. Post get doesn't matter.
April 4th 20 at 13:28
Solution
Of course, we need.
Since GET is the goal.
And the POST is target selection.
And if you lose, then... you know.
Well, if the goal is lost, then the POST does not need to check that is work checking GET and then POST.

But if the first POST test, but to change GET parameters, the POST processing is complete, and after checking GET thrown out of the mission.

Here is the delema. - thea19 commented on April 4th 20 at 13:31
@thea19,
Well, if the goal is lost, then the POST does not need to check that is work checking GET and then POST.
Requests to the server 2? So it is necessary to check 2 times. - Kelley57 commented on April 4th 20 at 13:34
on missionAction we have come with GET parameters - thea19 commented on April 4th 20 at 13:37
@thea19so, and now POST where did/does? - Kelley57 commented on April 4th 20 at 13:40
@Kelley57on the page with the address /mission-2 (for example) located in the POST form

I question complements - thea19 commented on April 4th 20 at 13:43
@thea19, It's 2 request. 2 - 2nd inspection.
While the user will have to do something - things can change on the server already. - Kelley57 commented on April 4th 20 at 13:46
@Kelley57, when sending a POST will still occur check GET because we will be back in missionAction after POST redirect - thea19 commented on April 4th 20 at 13:49
@thea19, this is the 3rd request to the server!
And there is also need check if need to display something on the page. - Kelley57 commented on April 4th 20 at 13:52
@Kelley57,

/mission-2

// here check GET

// then POST processed: enter incorrect GET in the address bar and send POST
after processing GET and redirect us erase from the page to the POST request? - thea19 commented on April 4th 20 at 13:55
@thea19, not the page, and the script server.
Throw, of course. - Kelley57 commented on April 4th 20 at 13:58
@Kelley57, well then it turns out that enough the GET the test as this test will not even send the correct POST data if the GET parameters have been changed before submitting POST - thea19 commented on April 4th 20 at 14:01
@thea19,
well, then it turns out that enough the GET the test as this test will not even send the correct POST data if the GET parameters have been changed before submitting POST
NO! NOT ENOUGH!

// checked the availability of mission GET the parameters
Here's the key point!
Here, the link may change in time.
And what then will come through the POST may no to get. - Kelley57 commented on April 4th 20 at 14:04
There is a rule, always check that comes from the user. Post get doesn't matter. - arielle_Vandervort36 commented on April 4th 20 at 14:07
@arielle_Vandervort36, It's not from this thread) It's about security)
Then - the control of the state speech)) - Kelley57 commented on April 4th 20 at 14:10
@Kelley57, well I understand You, I am the reinsurer must make an additional check in the POST, but processing the form submission as I understand it should be placed after the checks GET to be good at good - thea19 commented on April 4th 20 at 14:13
@thea19, And then the reinsurer something?!)))
The mission may be lost after 1 second? And POST can not be delivered. Right? - Kelley57 commented on April 4th 20 at 14:16
@Kelley57, POST sends the form data is not based on a GET parameter and based on the data from the database that was obtained by GET, but if we are correct POST was sent but GETы before this in the address bar changed, it will lead to sending POST, if GET check after goes and GET check throw, although the POST has worked properly - thea19 commented on April 4th 20 at 14:19
@Kelley57, I will do a second test, because when properly GET because I can stupid in the source code even to replace a POST parameter

solved - thea19 commented on April 4th 20 at 14:22
@thea19,
because when you GET right because I can stupid in the source code even to replace a POST parameter
Maybe mission first to exist and then not.
I talked about it. - Kelley57 commented on April 4th 20 at 14:25
@Kelley57, Yes))) - thea19 commented on April 4th 20 at 14:28
@arielle_Vandervort36,
There is a rule, always check that comes from the user. Post get doesn't matter.
by the way it turned out, also true may in response to throw - I have to say, you never know who will need - thea19 commented on April 4th 20 at 14:31
@thea19, Then we have to add to be full)))
Always check anything that comes from user via a regular expression.
(I never forget to do this!) - Kelley57 commented on April 4th 20 at 14:34

Find more questions by tags PHP