I completely missed this great new feature built into PHP 5.2 since I haven’t been using much vanilla PHP lately due to my preference for CodeIgniter.
CodeIgniter offers great input validation by just using the following code.
$something = $this->input->post('something');
$somethingelse = $this->input->get('something');
But with the release of version 5.2 PHP now offers a great data-sanitizing function right out-of-the-box.
$my_string = filter_input(INPUT_GET, 'my_string', FILTER_SANITIZE_STRING);
The code above essentially gets $_GET['my_string'] and makes sure it is stripped of any HTML, SQL or other harmful code. If you don’t want to filter your variables, you can still use the following code.
$my_string = filter_input(INPUT_GET, 'my_string', FILTER_UNSAFE_RAW);
This doesn’t just work for $_GET and $_POST but also for $_SERVER and $_COOKIE variables. Check out the documentation for filter_input() on the PHP website. You might also want to have a look at the functions filter_var(), filter_input_array() and filter_var_array() since they offer the same sanitization of data for arrays and non-external variables.
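As an added example (not code from the original post), here is filter_var_array() validating a whole request against a per-field spec. The field names and sample values are constructed for illustration. It uses the FILTER_VALIDATE_* filters rather than FILTER_SANITIZE_STRING, because that filter only strips tags and HTML-encodes quotes, is deprecated as of PHP 8.1, and does not make a value safe to place in an SQL query.

```php
<?php
// Constructed sample input standing in for $_GET / $_POST (hypothetical field names).
$request = [
    'id'      => '42',
    'email'   => 'alice@example.com',
    'page'    => '7 OR 1=1',
    'comment' => '<script>alert(1)</script> it\'s "fine"',
];

// One rule per field: validate against the expected type and range
// instead of trying to strip "bad" characters out of the value.
$spec = [
    'id'      => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
    'email'   => FILTER_VALIDATE_EMAIL,
    'page'    => ['filter'  => FILTER_VALIDATE_INT,
                  'options' => ['min_range' => 1, 'max_range' => 1000]],
    'comment' => FILTER_UNSAFE_RAW,   // kept as-is; escaped where it is output
    'missing' => FILTER_VALIDATE_INT, // field that is not in the request
];

$clean = filter_var_array($request, $spec);

// The filter functions distinguish three outcomes, so compare with ===:
//   false -> the field was present but failed its filter
//   null  -> the field was not supplied at all
//   other -> the validated (and, for integers, type-converted) value
foreach ($clean as $name => $value) {
    if ($value === false) {
        echo "$name: rejected\n";
    } elseif ($value === null) {
        echo "$name: not supplied\n";
    } else {
        echo "$name: accepted as " . gettype($value) . "\n";
    }
}

// Escaping belongs to the output context. For HTML, encode when printing:
echo htmlspecialchars($clean['comment'], ENT_QUOTES, 'UTF-8'), "\n";

// For SQL, pass the validated value as a bound parameter of a prepared
// statement (PDO or mysqli) rather than concatenating it into the query.
```

The same spec array works with filter_input_array(INPUT_GET, $spec) when reading directly from the request.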