php, isset, filter-input

PHP - Using filter_input, isset and other


I just want to ask. I noticed that NetBeans is shouting at me to use filter_input(). So I used it, but I don't really understand it. Let's say I have this code:

if(isset($_POST['button'])){}

What is different when I use

if (filter_input(INPUT_POST,'button')){}

Also when I am using some posts to get values

$header = filter_input(INPUT_POST,'header',FILTER_SANITIZE_STRING);

Normally I use this

$header = $_POST['header'];

What are the rules for using it, and what does it do? When should I use it? And should I use it with POST or GET or both? Because the code is bigger with it, and I personally like small code I can use whenever.


Solution

  • In some cases this can be abused for MySQL injection or code injection.

     $var = $_POST["ANYVALUE"];
    

    To avoid this, we use filter_input to replace some dangerous characters. Or you can simply check for a correct e-mail address.

    filter_input(INPUT_POST, 'var', FILTER_VALIDATE_EMAIL);
    

    If you send a password value, use only the POST method. The GET method is visible in the browser's URL. So if you use GET, you have more work to do.

    A list of the different filters and their descriptions can be found here: PHP: Types of filters

    So filters are great for validation!

    Small description: Everything the user can type into your system must be checked for the right value to avoid hackers.

    Hope this helps :)
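
The following is an added example, not part of the original question or answer. It shows how the filter results differ from isset(), and where validation sits relative to SQL and HTML handling. The `field()` helper, the table and the sample form data are constructed for illustration, and the code assumes PHP 8.0+ with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed sample standing in for a submitted form. filter_input() reads
// the real request, so this offline demo applies the same filters with
// filter_var() through a hypothetical helper.
$post = ['button' => '0', 'email' => 'alice@example.com',
         'header' => "<b>News</b> from O'Brien"];

// Hypothetical helper mirroring filter_input(): null when the field is
// absent, false when the filter rejects the value, otherwise the value.
function field(array $src, string $key, int $filter = FILTER_DEFAULT): mixed
{
    return array_key_exists($key, $src) ? filter_var($src[$key], $filter) : null;
}

// 1. Presence: `if (filter_input(...))` is a truthiness test, not isset().
//    A submitted "0" or "" is falsy, so compare the result against null.
$button = field($post, 'button');
$submitted = ($button !== null);   // equivalent of isset($_POST['button'])
$looseCheck = (bool) $button;      // what `if (filter_input(...))` evaluates
printf("submitted=%s loose=%s\n",
    var_export($submitted, true), var_export($looseCheck, true));

// 2. Validation: FILTER_VALIDATE_EMAIL returns false for a malformed address,
//    so reject the request instead of trying to repair the value.
$email = field($post, 'email', FILTER_VALIDATE_EMAIL);
if ($email === null || $email === false) {
    exit("rejected: missing or invalid e-mail\n");
}

// 3. Free text: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so keep
//    the raw value and neutralise it in the context where it is used.
$header = field($post, 'header', FILTER_UNSAFE_RAW);

// SQL context: bound parameters keep the value out of the statement text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (email TEXT, header TEXT)');
$db->prepare('INSERT INTO posts (email, header) VALUES (?, ?)')
   ->execute([$email, $header]);

// HTML context: escape at output time.
echo htmlspecialchars($header, ENT_QUOTES, 'UTF-8'), "\n";
```

In a real request handler, `field($post, ...)` corresponds to `filter_input(INPUT_POST, ...)`, which returns the same null / false / value results.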