I took a look at the PHP manual but did not say anything, I saw a guy not using the third parameter and then I was in doubt if it is mandatory or not
I took a look at the PHP manual but did not say anything, I saw a guy not using the third parameter and then I was in doubt if it is mandatory or not
It's not, check it out in the documentation: link
%pre%These %code% indicate optional arguments, in PHP there are predefined arguments, when you omit in your use php passes the default value, which in the specific case of this function would be %code% , the code you posted shows that the person has changed %code% by %code% , that is, each one is for one thing, just see the values supported in link
As it says in the doc:
If omitted, %code% will be used, which is equivalent to %code% . This will result in no filtering taking place by default.
If omitted, it will use %code% , which is equivalent to %code% . This will result in an unfiltered value.
Just to note, %code% is part of the link , this filter in the case escapes / converts characters such as: %code% , %code% , %code% , among others that the ASCII value is less than 32, ie something like:
%pre%Will print this:
%pre%What are HTML entities, which when rendered on the page actually display %code% , but without affecting HTML.
The documentation of the %code% function says the following about the third parameter:
"If omitted, FILTER_DEFAULT will be used, which is equivalent to FILTER_UNSAFE_RAW. This will result in no filtering taking place by default."
That is, the third parameter is not required and can be omitted. Although this does not filter the value in fact.
$nome = filter_input(INPUT_GET, 'nome', FILTER_SANITIZE_SPECIAL_CHARS);
I took a look at the PHP manual but did not say anything, I saw a guy not using the third parameter and then I was in doubt if it is mandatory or not
It's not, check it out in the documentation: link
mixed filter_input ( int $type , string $variable_name [, int $filter = FILTER_DEFAULT [, mixed $options ]] )
These [...]
indicate optional arguments, in PHP there are predefined arguments, when you omit in your use php passes the default value, which in the specific case of this function would be FILTER_DEFAULT
, the code you posted shows that the person has changed FILTER_DEFAULT
by FILTER_SANITIZE_SPECIAL_CHARS
, that is, each one is for one thing, just see the values supported in link
As it says in the doc:
If omitted,
FILTER_DEFAULT
will be used, which is equivalent toFILTER_UNSAFE_RAW
. This will result in no filtering taking place by default.If omitted, it will use
FILTER_DEFAULT
, which is equivalent toFILTER_UNSAFE_RAW
. This will result in an unfiltered value.
Just to note, FILTER_SANITIZE_SPECIAL_CHARS
is part of the link , this filter in the case escapes / converts characters such as: <
, >
, &
, among others that the ASCII value is less than 32, ie something like:
<?php
$str = "< > & string(34) "< > & � "
\n \r";
$x = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS);
var_dump($x);
Will print this:
mixed filter_input ( int $type , string $variable_name [, int $filter = FILTER_DEFAULT [, mixed $options ]] )
What are HTML entities, which when rendered on the page actually display < > & %code% \n \r
, but without affecting HTML.
The documentation of the filter_input
function says the following about the third parameter:
"If omitted, FILTER_DEFAULT will be used, which is equivalent to FILTER_UNSAFE_RAW. This will result in no filtering taking place by default."
That is, the third parameter is not required and can be omitted. Although this does not filter the value in fact.