josephscott

Data Filtering In PHP

Came across an interesting idea on filtering data in PHP the other day. While I think the details of this approach aren’t the way to go, the concept seems like a good one. As comment #7 points out, converting the PHP Superglobals to objects probably isn’t a good idea because it is close enough to the Superglobal arrays to confuse others looking at the code. So perhaps the better approach is to make it more obvious what is going on.

Create a new array of objects, call it something like $_DATA, and use it to grab data in your scripts. As an example, GET data could be accessed in your script via something like this:

global $_DATA;
$first_name = $_DATA["GET"]->getFilteredValue("first_name");

The same sort of thing could be done to access post and cookie data. If you needed the original raw value you could easily come up with a method like:

global $_DATA;
$raw_first_name = $_DATA["GET"]->getRawValue("first_name");

Another advantage that this approach has is the ability to quickly determine if code is using unfiltered data. Run grep looking for uses of $_GET, $_POST, $_COOKIE or getRawValue and you’ll be able to quickly spot code that isn’t using the filtered data. Since we aren’t changing the original data in $_GET, $_POST and $_COOKIE other bits of code like HTML_QuickForm will still be able to do their job.
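
One way the $_DATA wrapper described above could be implemented, as an added example that is not code from the original post. Only the names $_DATA, getFilteredValue and getRawValue come from the post; the class name FilteredInput, the default filter FILTER_SANITIZE_SPECIAL_CHARS, the optional $filter and $options parameters, and the sample request are assumptions. It needs PHP 7.4 or later.

```php
<?php
// Added illustration: FilteredInput and its default filter are assumptions.
final class FilteredInput
{
    private array $source;

    public function __construct(array $source)
    {
        // Arrays are copied by value, so the superglobal itself is never modified
        // and code that reads $_GET/$_POST directly (e.g. a form library) still works.
        $this->source = $source;
    }

    // Value exactly as the client sent it. The distinct method name is what
    // makes unfiltered access easy to find with grep.
    public function getRawValue(string $key)
    {
        return $this->source[$key] ?? null;
    }

    // Filtered value, or null when the key is absent, is not a string, or fails
    // a validating filter. (Not suited to FILTER_VALIDATE_BOOL, where false is
    // a legitimate result.)
    public function getFilteredValue(string $key, int $filter = FILTER_SANITIZE_SPECIAL_CHARS, $options = 0)
    {
        $raw = $this->getRawValue($key);
        // ?first_name[]=x arrives as an array; reject it instead of passing it on.
        if (!is_string($raw)) {
            return null;
        }
        $value = filter_var($raw, $filter, $options);
        return $value === false ? null : $value;
    }
}

$_DATA = [
    'GET'    => new FilteredInput($_GET),
    'POST'   => new FilteredInput($_POST),
    'COOKIE' => new FilteredInput($_COOKIE),
];

// Constructed sample request so the script also shows something from the CLI.
$sample = new FilteredInput(['first_name' => '<b>Ann</b>', 'age' => '42x', 'tags' => ['a']]);
var_dump($sample->getFilteredValue('first_name'));            // HTML-special characters encoded
var_dump($sample->getRawValue('first_name'));                 // untouched original
var_dump($sample->getFilteredValue('age', FILTER_VALIDATE_INT)); // fails validation
var_dump($sample->getFilteredValue('tags'));                  // array input rejected
```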