jimfog Posted June 3, 2017
I am using NetBeans to code PHP... When using a superglobal array such as $_POST, for example, I frequently get the message that I should not access them directly for security reasons. I know the reason behind that and the solution (filter_input). The question is whether it is so safety critical that I should use filter_input in superglobals. Where it is critical, such as in database inserts, I use prepared statements... but what about in other cases? Such as this, for example:
if(trim($_POST['email'])=='')
{
    //do this
}
Must I use a filtering function?
dsonesuk Posted June 3, 2017
If the code is not sanitized and printed to page it could print malicious code.
jimfog (Author) Posted June 3, 2017
4 hours ago, dsonesuk said:
If the code is not sanitized and printed to page it could print malicious code.
I assume that this means using filter_input() after all.
dsonesuk Posted June 3, 2017
Yes!
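Added example, not part of the original thread: the empty-field check from the question combined with validation on input and escaping on output, the case the answer warns about. The helper names read_email and h and the sample submissions are constructed for illustration, and filter_var on an array stands in for filter_input(INPUT_POST, ...) so the script runs from the command line.

```php
<?php
// Constructed inputs stand in for $_POST so this runs from the CLI (assumption).
// In a real request handler, filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)
// applies the same filter directly to the request data.

/** Return a validated e-mail address, or null if missing, empty, non-string or malformed. */
function read_email(array $post): ?string
{
    $raw = $post['email'] ?? null;
    if (!is_string($raw)) {          // missing key, or array input such as email[]=x
        return null;
    }
    $raw = trim($raw);
    if ($raw === '') {               // the emptiness check from the question
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Escape a value for an HTML text or attribute context before printing it. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions (hypothetical form data).
$samples = [
    ['email' => ' alice@example.com '],
    ['email' => '   '],
    ['email' => '<script>alert(1)</script>'],
    ['email' => ['nested' => 'x']],
    [],
];

foreach ($samples as $post) {
    $email = read_email($post);
    if ($email === null) {
        // Echoing a rejected value back to the page is where escaping matters.
        $shown = is_string($post['email'] ?? null) ? $post['email'] : '';
        echo 'Invalid e-mail: "' . h($shown) . "\"\n";
    } else {
        echo 'OK: ' . h($email) . "\n";
    }
}
```

The bare comparison in the question is harmless while the value is only compared; validation decides whether the value is accepted, and escaping is applied at the point where any request value is written into HTML.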