This should be an elementary question, but why is it better to use something like this:
$pwd = filter_input(INPUT_POST, 'pwd');
Instead of just:
$pwd = $_POST['pwd'];
PS: I understand that the filter extension can be used with more arguments to provide an additional level of sanitization.
Any data which is sent from the client (such as POST data) should be sanitized and escaped (and even better, sanity-checked) to ensure that it isn't going to kill your website.
SQL Injection and Cross-site scripting are the two largest threats for failing to sanitize your user-sent data.
It's not. $_GET, $_POST, $_COOKIE and $_REQUEST are filtered with default filter. filter_input(INPUT_POST, 'pwd') without additional parameters also uses the default filter. So there is no difference at all.
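Added example, not part of the original answers: it shows the default filter returning input unchanged, then the controls that address the threats named above (explicit validation, output escaping, bound SQL parameters, password hashing). The sample values, the `users` table and its columns are constructed for illustration, and the script assumes the pdo_sqlite extension is available.

```php
<?php
// Constructed values standing in for POST fields. filter_input() reads the
// real request, which is empty under the CLI, so filter_var() is used here;
// it applies the same filters to a plain variable.
$post = [
    'pwd'     => "pa55<w>'or d",
    'comment' => "<script>alert(1)</script>",
    'age'     => "42 OR 1=1",
];

// 1. No filter named: FILTER_DEFAULT is FILTER_UNSAFE_RAW, so the value
//    comes back byte-for-byte identical to the raw input.
foreach ($post as $name => $raw) {
    $same = filter_var($raw) === $raw;
    printf("%-8s default filter changed nothing: %s\n", $name, var_export($same, true));
}

// 2. Validation needs an explicit filter; a failed check returns false.
$age = filter_var($post['age'], FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 0, 'max_range' => 150]]);
echo "age accepted: ", var_export($age !== false, true), "\n";

// 3. XSS is handled where the value is written into HTML, not on input.
echo "comment as HTML: ", htmlspecialchars($post['comment'], ENT_QUOTES, 'UTF-8'), "\n";

// 4. SQL injection is handled by binding parameters (assumes pdo_sqlite;
//    the table and column names are hypothetical).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, pwd_hash TEXT)');

// 5. A password is never filtered or escaped: hash the raw bytes.
$stmt = $db->prepare('INSERT INTO users (name, pwd_hash) VALUES (:name, :hash)');
$stmt->execute([':name' => "o'brien", ':hash' => password_hash($post['pwd'], PASSWORD_DEFAULT)]);

$stmt = $db->prepare('SELECT pwd_hash FROM users WHERE name = :name');
$stmt->execute([':name' => "o'brien"]);
$stored = $stmt->fetchColumn();
echo "password verifies: ", var_export(password_verify($post['pwd'], $stored), true), "\n";
```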