Reserved Keywords

Please note that there are a few reserved keywords that we ask you not to use in your own code.

| Keyword | Replacement |
|---|---|
| $sys_ | Please do not use any variables starting with $sys_ (e.g. $sys_example) |
| sys_ | Do not use the sys_ prefix to name any of your HTML-tag classes (e.g. sys_class) |
| __ | Please also avoid using double underscores __ in your variables (e.g. my__variable) |
| $EXEC, $DATA, $FILE, $FORM, $NAVI, $PAGE, $USER | Do not overwrite the names of our API objects or shortcuts. Overwriting any of the object's instances won't cause any errors as such; however, from that moment on you will not be able to use the object any more. |

Security Issues

Unfortunately, PHP is fairly vulnerable when it comes to hacking into the web server. In order to prevent XSS attacks and the like, the following PHP functions must not be used. Please use the API methods provided instead of the PHP functions.

| Function | Replacement |
|---|---|
| $_GET | The DATA method request("GET") replaces data with HTML entities to prevent XSS attacks. Alternatively, the NAVI method query() will URL-encode the query. |
| $_POST | Use the DATA method request("POST") to get $_POST data, or values() if the data was sent by a FORM. |
| cookie() | The cookie() method allows you to read and write cookie values. |
| session() | session() will validate session values in order to prevent session hijacking. |
| header() | Use the $PAGE method header() and the other methods described in that section in order to maintain full control over the page's header settings. |
| HTML <input> tag | When using HTML forms, make sure that only encoded data is used. We recommend using the $FORM object to create forms. |
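
The two encodings named in the table (HTML entities for request data, URL-encoding for queries) protect different output contexts. The following is an added example, not code from this API: it uses only standard PHP functions, and the helper names encode_for_html() and build_query() and the sample request values are constructed for illustration.

```php
<?php
// Added illustration: standard PHP only, not the framework's own methods.

/** Encode a value for HTML text or a quoted attribute value. */
function encode_for_html(string $value): string
{
    // ENT_QUOTES covers both " and ', so the value cannot close
    // the attribute whichever quoting style the template uses.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a query string; keys and values are percent-encoded. */
function build_query(array $params): string
{
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Constructed sample data standing in for raw $_GET content.
$get = [
    'name' => '"><script>alert(1)</script>',
    'next' => 'list.php?page=2&sort=asc',
];

// Unencoded: the value closes the attribute and adds its own markup.
$unsafe = '<input type="text" name="name" value="' . $get['name'] . '">';

// Entity-encoded: the same value stays inside the attribute as text.
$safe = '<input type="text" name="name" value="'
      . encode_for_html($get['name']) . '">';

// A link needs both steps, in this order: URL-encode the parameters,
// then entity-encode the finished URL for the href attribute.
$href = 'view.php?' . build_query($get);
$link = '<a href="' . encode_for_html($href) . '">next</a>';

echo $unsafe, "\n", $safe, "\n", $link, "\n";
```

Entity-encoded data is safe to print into HTML but is not a substitute for URL-encoding when the same value is placed in a query string, which is why the table lists the two methods separately.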

Do not overwrite the names of our API objects or shortcuts. Overwriting any of the objects provided won't cause any errors as such; however, from that moment on you will not be able to access the original object any more (which is rather logical).