I just want to ask. I noticed that Netbeans is shouting on me to use filter_input(). So I used it but I dont really understand it. Lets say I have this code
if(isset($_POST['button'])){}
what is diffent when I use
if (filter_input(INPUT_POST,'button')){}
Also when I am using some posts to get values
$header = filter_input(INPUT_POST,'header',FILTER_SANITIZE_STRING);
Normaly I use this
$header = $_POST['header']
What are rules to using it, what does it doing ? When to use it. And use it with POST or GET or both ? Because code is bigger with it, and I personally like small code I can use whenever
In some cases this can abuse for MySQL injection or code injection.
$var = $_POST["ANYVALUE"]
To Avoid this, we use filter_input to replace some dangerous Characters. Or Simple u can check for right E-Mail Adresse.
filter_input(INPUT_POST, var, FILTER_VALIDATE_EMAIL)
If you send password value use only POST method. The GET method is Visible on the Browsers URL. So if you use GET u need have more work to do.
A list of different filters and description you find here: PHP: Types of filters
So filters are great for validation!
Small description: All what the user can type in your system must by checked for the right value to avoid hackers.
Hope this helps :)