What is the purpose of using filter_input?

1

Why is it safer to use the filter_input function than to simply use the global variables ($_SERVER, $_GET, $_POST)?

    
asked by anonymous 09.06.2014 / 19:11

1 answer

5

Reference to filter: link

My opinion is that you should always use it (the filter extension in general). There are at least three reasons for this:

1 - Filtering input data is something you should always do. Since the function gives you this ability, there is really no reason to look for other forms of input sanitization. Since it is an extension, the filter will also be much faster and probably more secure than most PHP solutions out there, which certainly does not hurt. The only exception is if you need a more specialized filter. Even then, you should get the value using the FILTER_UNSAFE_RAW filter.

2 - There are a lot of things in the filter. It can save you hours of writing filters and validation code. Of course, it does not cover all cases.

3 - Using the function is very helpful when you are debugging your code. When the function is used, you know exactly what the input will be. For example, if you use the FILTER_SANITIZE_NUMBER_INT filter, then you can be sure that the input will be a number, without SQL injection, HTML or JavaScript code, etc.

    
09.06.2014 / 19:38
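An added example, not part of the original answer: it compares what FILTER_SANITIZE_NUMBER_INT and FILTER_VALIDATE_INT return for a few constructed inputs. It uses filter_var() because filter_input() only reads real request data; the `read_id` helper, the sample values and the 1 to 1000000 range are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample values standing in for a request parameter such as $_GET['id'].
$samples = ['42', '12abc', '1-2+3', '<script>7</script>', '', '99999999999999999999'];

/**
 * Hypothetical helper: accept the value only if it is an integer in the
 * expected range, otherwise return null so the caller can reject the request.
 */
function read_id(string $raw): ?int
{
    return filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 1000000],
        'flags'   => FILTER_NULL_ON_FAILURE,
    ]);
}

foreach ($samples as $raw) {
    // Sanitizing strips every character other than digits, "+" and "-".
    // The result is still a string and need not be a well-formed integer.
    $sanitized = filter_var($raw, FILTER_SANITIZE_NUMBER_INT);

    // Validating yields either a real int inside the range or null.
    $validated = read_id($raw);

    printf(
        "raw=%-26s sanitized=%-24s validated=%s\n",
        var_export($raw, true),
        var_export($sanitized, true),
        var_export($validated, true)
    );
}

// In a request handler the same filter and options are passed to
// filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, [...]) instead of
// reading $_GET['id'] directly.
```

Run it with the PHP CLI to see the two columns side by side. A validated value is an int that can be bound as a query parameter, while a sanitized value is a cleaned-up string that still needs a type and range check.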