Also notice that filter functions are using only the original variable values passed to the script even if you change the value in super global variable ($_GET, $_POST, ...) later in the script.
<?php
echo filter_input(INPUT_GET, 'var'); // print 'something'
echo $_GET['var']; // print 'something'
$_GET['var'] = 'changed';
echo filter_input(INPUT_GET, 'var'); // print 'something'
echo $_GET['var']; // print 'changed'
?>
In fact, external data are duplicated in SAPI before the script is processed and filter functions don't use super globals anymore (as explained in Filter tutorial bellow, section 'How does it work?').Π€ΡΠ½ΠΊΡΠΈΠΈ ΡΠΈΠ»ΡΡΡΠ°ΡΠΈΠΈ Π΄Π°Π½Π½ΡΡ
Π‘ΠΎΠ΄Π΅ΡΠΆΠ°Π½ΠΈΠ΅
- filter_has_var β ΠΡΠΎΠ²Π΅ΡΡΠ΅Ρ, ΡΠΎΠ΄Π΅ΡΠΆΠΈΡ Π»ΠΈ ΡΡΠΏΠ΅ΡΠ³Π»ΠΎΠ±Π°Π»ΡΠ½ΡΠΉ ΠΌΠ°ΡΡΠΈΠ² Π·Π°Π΄Π°Π½Π½ΠΎΠ³ΠΎ ΡΠΈΠΏΠ° ΠΏΠ΅ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ Ρ ΠΊΠΎΠ½ΠΊΡΠ΅ΡΠ½ΡΠΌ Π½Π°Π·Π²Π°Π½ΠΈΠ΅ΠΌ
- filter_id β ΠΠΎΠ·Π²ΡΠ°ΡΠ°Π΅Ρ ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡ, ΠΏΡΠΈΠ½Π°Π΄Π»Π΅ΠΆΠ°ΡΠΈΠΉ ΠΈΠΌΠ΅Π½ΠΎΠ²Π°Π½Π½ΠΎΠΌΡ ΡΠΈΠ»ΡΡΡΡ
- filter_input β ΠΠΎΠ»ΡΡΠ°Π΅Ρ ΠΊΠΎΠ½ΠΊΡΠ΅ΡΠ½ΡΡ Π²Π½Π΅ΡΠ½ΡΡ ΠΏΠ΅ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ ΠΏΠΎ ΠΈΠΌΠ΅Π½ΠΈ ΠΈ, Π΅ΡΠ»ΠΈ Π½ΡΠΆΠ½ΠΎ, ΡΠΈΠ»ΡΡΡΡΠ΅Ρ Π·Π½Π°ΡΠ΅Π½ΠΈΠ΅ ΠΏΠ΅ΡΠ΅ΠΌΠ΅Π½Π½ΠΎΠΉ
- filter_input_array β ΠΠΎΠ»ΡΡΠ°Π΅Ρ Π½Π΅ΡΠΊΠΎΠ»ΡΠΊΠΎ ΠΏΠ΅ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ ΠΈΠ·Π²Π½Π΅ PHP ΠΈ, ΠΏΡΠΈ Π½Π΅ΠΎΠ±Ρ ΠΎΠ΄ΠΈΠΌΠΎΡΡΠΈ, ΡΠΈΠ»ΡΡΡΡΠ΅Ρ ΠΈΡ
- filter_list β ΠΠΎΠ·Π²ΡΠ°ΡΠ°Π΅Ρ ΡΠΏΠΈΡΠΎΠΊ Π²ΡΠ΅Ρ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΈΠ²Π°Π΅ΠΌΡΡ ΡΠΈΠ»ΡΡΡΠΎΠ²
- filter_var β Π€ΠΈΠ»ΡΡΡΡΠ΅Ρ ΠΏΠ΅ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ
- filter_var_array β ΠΡΠΈΠ½ΠΈΠΌΠ°Π΅Ρ Π½Π΅ΡΠΊΠΎΠ»ΡΠΊΠΎ ΠΏΠ΅ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ ΠΈ, ΠΏΡΠΈ Π½Π΅ΠΎΠ±Ρ ΠΎΠ΄ΠΈΠΌΠΎΡΡΠΈ, ΡΠΈΠ»ΡΡΡΡΠ΅Ρ ΠΈΡ
ΠΠ°ΡΠ»ΠΈ ΠΎΡΠΈΠ±ΠΊΡ?
οΌΠΠΎΠ±Π°Π²ΠΈΡΡ
ΠΡΠΈΠΌΠ΅ΡΠ°Π½ΠΈΡ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Π΅ΠΉ 2 notes
vojtech at x dot cz ΒΆ
19 years ago
fumble1 at web dot de ΒΆ
18 years ago
I recommend you to use the FILTER_REQUIRE_SCALAR (or FILTER_REQUIRE_ARRAY) flags, since you can use array-brackets both to access string offsets and array-element -- however, not only this can lead to unexpected behaviour. Look at this example:
<?php
$image = basename(filter_input(INPUT_GET, 'src', FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW));
// further checks
?>
/script.php?src[0]=foobar will cause a warning. :-(
Hence my recommendation:
<?php
$image = basename(filter_input(INPUT_GET, 'src', FILTER_UNSAFE_RAW, FILTER_REQUIRE_SCALAR | FILTER_FLAG_STRIP_LOW));
// further checks
?>-
0
pcntl_sigtimedwaitWaits for signals, with a timeout
-
0
similar_textCalculate the similarity between two strings
-
0
boolvalGet the boolean value of a variable
-
0
curl_multi_closeClose a set of cURL handles
-
0
imap_bodyRead the message body
-
0
mb_strposFind position of first occurrence of string in a string
-
0
pg_send_prepareSends a request to create a prepared statement with the given parameters, without waiting for completion
-
0
swoole_native_socket_bind
-
0
Arr::prependKeysWith
-
0
zend_versionGets the version of the current Zend engine