
How to check for both POST and GET data whilst using filter_input?

I'm wondering if it's possible to get a variable whether it is in POST or GET and then use filter_input() to sanitize it.

At first I thought that $var = filter_input(INPUT_POST | INPUT_GET, "var", FILTER_SANITIZE_STRING) might work, however it doesn't and the PHP manual states you can only pass one type of input.

I also tried INPUT_REQUEST, which strangely didn't work. The function recognises it (i.e. it doesn't throw up an error saying I've put something wrong in $input), yet it won't get any code. And yes, I know not to use INPUT_REQUEST in a live environment, I was just purely testing to see if it would work.

Currently I do the following:

$var = filter_input(INPUT_POST, "var", FILTER_SANITIZE_STRING);
if(!$var) $var = filter_input(INPUT_GET, "var", FILTER_SANITIZE_STRING);

However, as with many things in PHP, there is often a simpler way that will do it all for me in one command. I'm wondering if that is the case here: can I combine them into one check? I performed a cursory search on Google and couldn't even find any references to anyone trying this before, let alone a solution, so now I turn to you good folks.

Styphon asked Aug 02 '13 14:08


3 Answers

It's considered bad practice if you don't know whether your input is in GET or POST. You should always know and not just randomly accept whatever.

Halcyon answered Oct 28 '22 14:10


I think there isn't a better approach than making a custom function with the code you already mentioned:

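function getPostOrGet($name) {
  // Prefer POST. filter_input() returns null when the key is absent and false when the filter fails.
  $var = filter_input(INPUT_POST, $name, FILTER_SANITIZE_STRING);
  // Compare strictly so that POST values such as "0" or "" are not discarded.
  if ($var === null || $var === false) {
    $var = filter_input(INPUT_GET, $name, FILTER_SANITIZE_STRING);
  }
  return $var;
}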

And if you think about it, it is normal that you can't use the | operator, because what would happen if it's defined in both?

Also note that, as it's a bad practice, it doesn't have an "easy" way of doing it. So use a custom function if you really need it, and use only the correct input type if you can.

PhoneixS answered Oct 28 '22 13:10


A little bit late to the party. I had the same problem. My solution for this case is an approach like this:

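// filter_input_array() returns null when the input array is empty, so fall back to an empty array before merging.
$data = array_merge(filter_input_array(INPUT_POST) ?: array(), filter_input_array(INPUT_GET) ?: array());
// On duplicate keys array_merge() keeps the later value, so GET overrides POST here.
$var = isset($data["var"]) ? $data["var"] : null;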

If you need to sanitize first, use the options of filter_input_array: http://php.net/manual/de/function.filter-input-array.php

For example:

$args = array(
    'var'   => FILTER_SANITIZE_STRING
);

And combined:

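// add_empty = false keeps absent keys out of each result, so a missing GET value cannot overwrite POST with null.
$data = array_merge(filter_input_array(INPUT_POST, $args, false) ?: array(), filter_input_array(INPUT_GET, $args, false) ?: array());
$var = isset($data["var"]) ? $data["var"] : null;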

Marco answered Oct 28 '22 13:10
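
An added example, not code from any of the answers above: a hypothetical helper, requestParam(), that takes the POST and GET arrays explicitly, refuses the "defined in both" case when the two values differ, and validates with filter_var() so that a value such as "0" survives. The function name and the sample arrays are constructed for illustration.

```php
<?php
// Added example: resolve one request parameter from explicit POST/GET arrays.
// requestParam() and the sample data below are hypothetical.

function requestParam(array $post, array $get, string $name, int $filter, array $options = [])
{
    $inPost = array_key_exists($name, $post);
    $inGet  = array_key_exists($name, $get);

    // The "defined in both" case: refuse to guess when the two sources disagree.
    if ($inPost && $inGet && $post[$name] !== $get[$name]) {
        throw new InvalidArgumentException("Parameter '$name' sent in both POST and GET with different values");
    }
    if (!$inPost && !$inGet) {
        return null; // absent, same convention as filter_input()
    }

    $raw = $inPost ? $post[$name] : $get[$name];

    // With FILTER_NULL_ON_FAILURE an invalid value yields null instead of false.
    // Array input (e.g. name[]=x) also fails, because no array flag is set.
    $value = filter_var($raw, $filter, ['options' => $options, 'flags' => FILTER_NULL_ON_FAILURE]);
    if ($value === null) {
        throw new InvalidArgumentException("Parameter '$name' failed validation");
    }
    return $value;
}

// Constructed sample request data.
$post = ['page' => '0', 'id' => '42', 'tags' => ['a', 'b']];
$get  = ['id' => '7', 'sort' => 'name'];

// "0" is a valid page number and is returned as int 0, not skipped as falsy.
var_dump(requestParam($post, $get, 'page', FILTER_VALIDATE_INT, ['min_range' => 0]));

// Allow-list validation for a string parameter that is only present in GET.
var_dump(requestParam($post, $get, 'sort', FILTER_VALIDATE_REGEXP, ['regexp' => '/^(name|date)$/']));

// Conflicting values in POST and GET, and an array where a scalar is expected, are both rejected.
foreach (['id', 'tags'] as $name) {
    try {
        requestParam($post, $get, $name, FILTER_VALIDATE_INT);
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";
    }
}
```

In a request handler the first two arguments would be $_POST and $_GET. FILTER_SANITIZE_STRING, used throughout this page, is deprecated as of PHP 8.1, which is why the example uses validation filters instead.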