On Davey's weblog, Pixelated Dreams, today, there's this new post with a possible solution to data filtering.
But, it goes further than this; the major concern most people had with this (as it has been proposed before) is that
older scripts will break, so it is to this that I have come up with a really simple solution.
The class is meant to be extended, and then you should add methods named the same as the expected variables; this will then be passed the variable upon request and the
returned value will be the return value.
Last night in a rather epiphanous moment, I had an idea for data filtering. The idea is simply this: overwrite the GET, POST, REQUEST and COOKIE superglobals with objects.
Basically, his proposed code would automatically call a class to filter the variable, make it part of an object, and feed it back to the user - so that $_GET['foo'] becomes $_GET->foo, all filtered and cleaned of anything malicious...
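A minimal sketch of the pattern described above, added here as an illustration and not taken from Davey's post: the class names `FilteredInput` and `GetFilter` are hypothetical, PHP 8 is assumed, and the `ArrayAccess` fallback for older `$_GET['foo']` scripts is this example's own assumption rather than the compatibility fix the post mentions.

```php
<?php
// Added illustration; FilteredInput and GetFilter are hypothetical names.
abstract class FilteredInput implements ArrayAccess
{
    public function __construct(private array $raw) {}

    // $_GET->foo dispatches to the subclass method named "foo".
    public function __get(string $name): mixed
    {
        // Fail closed: no filter method means no value. Names that collide
        // with this base class (offsetGet, __get, ...) are never dispatched.
        if (method_exists(self::class, $name) || !method_exists($this, $name)) {
            return null;
        }
        return $this->$name($this->raw[$name] ?? null);
    }

    // Assumption: array syntax in older scripts goes through the same filters.
    public function offsetExists(mixed $offset): bool
    {
        return $this->__get((string) $offset) !== null;
    }

    public function offsetGet(mixed $offset): mixed
    {
        return $this->__get((string) $offset);
    }

    // Request data is read-only once wrapped.
    public function offsetSet(mixed $offset, mixed $value): void { throw new LogicException('read-only'); }
    public function offsetUnset(mixed $offset): void { throw new LogicException('read-only'); }
}

final class GetFilter extends FilteredInput
{
    protected function id(mixed $value): ?int
    {
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        return $id === false ? null : $id;
    }

    protected function foo(mixed $value): ?string
    {
        return is_string($value) && preg_match('/\A[a-z0-9_-]{1,32}\z/i', $value) ? $value : null;
    }
}

// Constructed sample input; a real script would pass the original $_GET.
$_GET = new GetFilter(['id' => '42', 'foo' => '<script>', 'debug' => '1']);
var_dump($_GET->id, $_GET->foo, $_GET['id'], $_GET->debug);
```

Because undeclared variables return `null`, the subclass doubles as an allow-list of the parameters a script accepts.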




