I wonder if Using Super Global is obsolete and insecure in PHP, and why this statement.
Now we have filter_input
and I have this doubt.
I wonder if Using Super Global is obsolete and insecure in PHP, and why this statement.
Now we have filter_input
and I have this doubt.
No, using superglobals is not obsolete or insecure. What is obsolete and insecure is linking to register_globals
directive, which creates global variables based on superglobals. For example, $_POST['bla']
also exists as $bla
.
Now, the data that exists in these variables are often (1) sensitive - it may be best to avoid storing - or (2) malicious - and then enter filter_input
, among other measures, to ensure that input data be safe. What you have in superglobals is the "pure" input data, it is up to your application to treat them in a secure way.