PHP - Using filter_input, isset and other


I just want to ask. I noticed that Netbeans is shouting at me to use filter_input(). So I used it, but I don't really understand it. Let's say I have this code

if(isset($_POST['button'])){}

What is different when I use

if (filter_input(INPUT_POST,'button')){}

Also when I am using some posts to get values

$header = filter_input(INPUT_POST,'header',FILTER_SANITIZE_STRING);

Normally I use this

$header = $_POST['header'];

What are the rules for using it, and what does it do? When should I use it? And should I use it with POST or GET or both? Because the code is bigger with it, and I personally like small code I can use whenever.

1

There are 1 answers

1
ivorysmoker On BEST ANSWER

In some cases this can be abused for MySQL injection or code injection.

$var = $_POST["ANYVALUE"];

To avoid this, we use filter_input to replace some dangerous characters. Or you can simply check for the right e-mail address.

filter_input(INPUT_POST, 'var', FILTER_VALIDATE_EMAIL);

If you send a password value, use only the POST method. The GET method is visible in the browser's URL. So if you use GET, you have more work to do.

A list of the different filters and their descriptions can be found here: PHP: Types of filters

So filters are great for validation!

Small description: Everything the user can type into your system must be checked for the right value to avoid hackers.

Hope this helps :)
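
An added example, not part of the question or the answer above, contrasting the isset() test with the filter_input() test from the question and showing where filtering stops and context-specific handling begins. The `$post` array is constructed sample data and `post_input()` is a hypothetical helper that mirrors filter_input()'s return convention so the script runs from the command line; the SQL step assumes the pdo_sqlite extension.

```php
<?php
// Constructed sample of a submitted form (stands in for a real POST body).
$post = [
    'button' => '0',                       // sent, but a falsy string
    'header' => "<b>Hi</b> O'Reilly",
    'email'  => 'not-an-email',
];

// Hypothetical helper with filter_input()'s return convention
// (null = field absent, false = filter failed). It reads from an array
// so the script also runs from the command line.
function post_input(array $src, string $name, int $filter = FILTER_DEFAULT)
{
    return array_key_exists($name, $src) ? filter_var($src[$name], $filter) : null;
}

// 1. Presence: isset() asks "was the field sent?"; a bare truthiness test
//    on the filtered value is also false for '' and '0'.
$sent        = isset($post['button']);
$truthy      = (bool) post_input($post, 'button');
$sentViaNull = post_input($post, 'button') !== null;   // same meaning as isset()
var_dump($sent, $truthy, $sentViaNull);

// 2. Validation: distinguish "missing" from "invalid" with strict comparison.
$email = post_input($post, 'email', FILTER_VALIDATE_EMAIL);
if ($email === null) {
    echo "email: missing\n";
} elseif ($email === false) {
    echo "email: invalid, reject the request\n";
}

// 3. Output context: FILTER_DEFAULT returns the string unchanged, and
//    FILTER_SANITIZE_STRING is deprecated since PHP 8.1, so escape at the
//    point of use instead.
$header = post_input($post, 'header');
echo htmlspecialchars($header, ENT_QUOTES, 'UTF-8'), "\n";

// 4. SQL context: bind the value as a parameter rather than filtering it.
//    Uses an in-memory SQLite database, so it needs the pdo_sqlite extension.
if (extension_loaded('pdo_sqlite')) {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (header TEXT)');
    $db->prepare('INSERT INTO posts (header) VALUES (?)')->execute([$header]);
    echo $db->query('SELECT COUNT(*) FROM posts')->fetchColumn(), " row stored\n";
}
```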