When I was working on a site navigation, where a GET parameter should be displayed on the site itself, I wondered how I could otherwise validate the user input.
The "normal" way would be to convert the input with something like htmlspecialchars() in order to avoid XSS attacks. I decided not to convert the input but to typecast it to an int.
The code looks something like this:
$siteinfo['current_site'] = (int) $_GET['p'];
(of course this is only possible because the expected input is an integer)
What do you think about this? Is it safe? Any disadvantages in your opinion?
This is probably the safest way to validate an int:
$siteinfo['current_site'] = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT);
Read more here: http://php.net/manual/en/function.filter-input.php
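To see where the (int) cast from the question and the FILTER_VALIDATE_INT approach from the answer disagree, here is an added example that is not part of the question or the answer. It is hypothetical code written for this page: the function names, the constructed sample inputs and the [1, $maxPage] range are assumptions chosen to fit the page-navigation use case, and it assumes PHP 8 (the `string|array|null` parameter type). The range check uses the `min_range`/`max_range` options that filter_var() and filter_input() both accept.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for the question's navigation: only an integer in
// [1, $maxPage] is accepted as a page number; anything else falls back to 1.
// filter_var() returns false for missing, malformed or out-of-range input.
function current_page(array $query, int $maxPage): int
{
    $page = filter_var(
        $query['p'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $maxPage]]
    );
    return $page === false ? 1 : $page;
}

// Side-by-side: what the (int) cast produces versus what FILTER_VALIDATE_INT
// produces for the same raw query value (no range applied here).
function compare_validation(string|array|null $raw): array
{
    return [
        'cast'   => (int) $raw,
        'filter' => filter_var($raw, FILTER_VALIDATE_INT),
    ];
}

// Constructed sample inputs, as they could arrive in $_GET['p'].
// The comments state the result of each strategy.
$samples = [
    'plain'      => '3',          // cast 3,    filter 3
    'trailing'   => '12abc',      // cast 12,   filter false (junk silently dropped by the cast)
    'exponent'   => '1e3',        // cast 1000, filter false (numeric string, not an integer literal)
    'leading0'   => '007',        // cast 7,    filter false (leading zero needs FILTER_FLAG_ALLOW_OCTAL)
    'negative'   => '-1',         // cast -1,   filter -1    (both accept it; only a range rejects it)
    'empty'      => '',           // cast 0,    filter false
    'xss'        => '<script>alert(1)</script>', // cast 0, filter false
    'array'      => ['1'],        // cast 1 (non-empty array), filter false (?p[]=1 in the URL)
    'missing'    => null,         // cast 0,    filter false
];

if (PHP_SAPI === 'cli') {
    foreach ($samples as $label => $raw) {
        $r = compare_validation($raw);
        printf(
            "%-9s cast=%-5d filter=%s\n",
            $label,
            $r['cast'],
            $r['filter'] === false ? 'false' : (string) $r['filter']
        );
    }

    // Range-checked page number for a 10-page navigation.
    $maxPage = 10;
    foreach (['p' => '4'] + [] as $_) {
        // no-op; keeps the sample structure explicit below
    }
    echo current_page(['p' => '4'],  $maxPage), "\n"; // 4
    echo current_page(['p' => '12abc'], $maxPage), "\n"; // 1 (rejected, fallback)
    echo current_page(['p' => '-1'], $maxPage), "\n"; // 1 (below min_range, fallback)
    echo current_page(['p' => '99'], $maxPage), "\n"; // 1 (above max_range, fallback)
    echo current_page([], $maxPage), "\n";             // 1 (parameter missing)
}
```

Both strategies keep a script tag out of the output, because neither yields anything but an integer, so the cast in the question is safe against XSS for this parameter. The difference is in what each accepts: the cast quietly turns "12abc", "007" and "1e3" into numbers and never complains, while FILTER_VALIDATE_INT rejects them and, with `min_range`/`max_range`, also rejects a negative or out-of-range page that would otherwise reach the navigation logic. With filter_input() as in the answer, a missing parameter returns null and a failed validation returns false, so check for both before using the value.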