Never having to use $_GET or $_POST again

Since the release of PHP 5.2 you can easily fetch and sanitize data sent via superglobals in a safe manner. You can replace your current sanitization class with this API.

I completely missed this great new feature built into PHP 5.2 since I haven’t been using much vanilla PHP lately due to my preference for CodeIgniter.

CodeIgniter offers great input validation by just using the following code.

$something = $this->input->post('something');
$somethingelse = $this->input->get('something');

But with the release of version 5.2 PHP now offers a great data-sanitizing function right out-of-the-box.

$my_string = filter_input(INPUT_GET, 'my_string', FILTER_SANITIZE_STRING);

The code above essentially gets $_GET['my_string'] and makes sure it is stripped of any HTML, SQL or other harmful code. If you don’t want to filter your variables you can still use the following code.

$my_string = filter_input(INPUT_GET, 'my_string', FILTER_UNSAFE_RAW);

This doesn’t just work for $_GET and $_POST but also for $_SERVER and $_COOKIE variables. Check out the documentation for filter_input() on the PHP website. You might also want to have a look at the functions filter_var(), filter_input_array() and filter_var_array() since they offer the same sanitization of data for arrays and non-external variables.
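An added example (not from the original post) that runs filter_var_array() over a constructed array standing in for $_GET, using validation filters and escaping at output; FILTER_SANITIZE_STRING only strips tags and encodes quotes and is deprecated since PHP 8.1, so it is not used here. The key names, the check_input() helper and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample standing in for $_GET. With a real request,
// filter_input_array(INPUT_GET, $spec) accepts the same $spec.
$request = [
    'id'    => '42',
    'email' => 'ann@example.com',
    'page'  => '0',                      // below the allowed range
    'name'  => '<b>Ann</b> O\'Brien',
];

// One filter per expected key. Validation filters return false on bad input
// instead of silently rewriting it.
$spec = [
    'id'    => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
    'email' => FILTER_VALIDATE_EMAIL,
    'page'  => ['filter'  => FILTER_VALIDATE_INT,
                'options' => ['min_range' => 1, 'max_range' => 500]],
    'name'  => FILTER_UNSAFE_RAW,        // kept as sent, escaped at output
    'sort'  => ['filter'  => FILTER_VALIDATE_REGEXP,
                'options' => ['regexp' => '/^(asc|desc)$/']],
];

// Hypothetical helper: returns the filtered values plus a list of problems.
function check_input(array $data, array $spec): array
{
    // Keys named in $spec but absent from $data come back as null.
    $clean  = filter_var_array($data, $spec);
    $errors = [];
    foreach ($clean as $key => $value) {
        if ($value === false) {
            $errors[] = "$key: rejected";
        } elseif ($value === null) {
            $errors[] = "$key: missing";
        }
    }
    return [$clean, $errors];
}

[$clean, $errors] = check_input($request, $spec);

var_dump($clean['id']);   // FILTER_VALIDATE_INT yields an integer, not a string
print_r($errors);         // lists every key that failed or was absent

// Escape for the context where the value is used, here HTML output.
echo htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

Values that end up in SQL still belong in prepared-statement parameters; the filter extension does not escape for a database.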

Author: Luc De Brouwer

Luc is a web developer who loves WordPress, Magento, PHP, MySQL, HTML, CSS, jQuery, good food and Nine Inch Nails.
