filter_input() $_SERVER["REQUEST_URI"] with FILTER_SANITIZE_URL

I filter $_SERVER["REQUEST_URI"] like this:

$_request_uri = filter_input(INPUT_SERVER, 'REQUEST_URI', FILTER_SANITIZE_URL);

As explained on php.net:

FILTER_SANITIZE_URL

Remove all characters except letters, digits and $-_.+!*'(),{}|\^~[]`<>#%";/?:@&=.

However, the browser sends this REQUEST_URI value urlencoded, and therefore it is not sanitized by this filter_input() function. Let's say the address is

http://www.example.com/abc/index.php?q=abc 123

and then the sanitized request URL is

/abc/index.php?q=abc%EF%BF%BD%EF%BF%BD123

But it must be

/abc/index.php?q=abc123

Maybe urldecode($_SERVER["REQUEST_URI"]), and then with filter_var() we can get the sanitized value.

$_request_uri = filter_var(urldecode($_SERVER['REQUEST_URI']), FILTER_SANITIZE_URL);

, "", , $_SERVER [ "REQUEST_URI" ].

, ($ _SERVER ['REQUEST_URI']), , "".

?

+4
1

, mod_rewrite, apaches SetEnv URL- . REQUEST_URI apache , , $_SERVER [ "REQUEST_URI" ] php.

, . , :

  • get, .
  • .
  • , .
  • mod_rewrite .

, , filter_input filter_input_array INPUT_GET ( INPUT_SERVER).

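// filter_input_array() returns null when the request has no query string,
// so fall back to an empty array before building the query.
$urlParameters = http_build_query(
    filter_input_array(
        INPUT_GET,
        FILTER_SANITIZE_URL
    ) ?: array()
);

// SCRIPT_URL (set by Apache mod_rewrite) is the request path without the query string.
$_request_uri = filter_input(INPUT_SERVER, 'SCRIPT_URL', FILTER_SANITIZE_URL)
    . ($urlParameters ? "?{$urlParameters}" : "");
print_r($_request_uri);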

, ( $_request_uri)

$_request_parameters = filter_input_array(
    INPUT_GET,
    array(
        'q' => FILTER_SANITIZE_URL,
    )
);

print_r($_request_parameters['q']);
+2
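
Added example, not part of the original question or answer: a stand-alone PHP script that runs the three approaches discussed on this page against one constructed request URI. The `r` parameter and all variable names are assumptions for illustration; `r` carries an encoded `&` and `=` to show what decoding the whole URI before sanitizing does to the query structure.

```php
<?php
// Constructed sample input (not from the page): the question's URI plus a
// hypothetical second parameter whose value contains an encoded '&' and '='.
$requestUri = '/abc/index.php?q=abc%EF%BF%BD%EF%BF%BD123&r=a%26admin%3D1';

// 1. Sanitizing the raw URI. '%' and hex digits are in the allowed set,
//    so percent-encoded bytes are left exactly as the browser sent them.
$rawSanitized = filter_var($requestUri, FILTER_SANITIZE_URL);
echo "raw:          ", $rawSanitized, "\n";
var_dump($rawSanitized === $requestUri);

// 2. Decoding the whole URI first. The non-ASCII bytes are now stripped,
//    but %26 and %3D have become a literal '&' and '=', so a value turns
//    into an extra query parameter.
$decodedFirst = filter_var(urldecode($requestUri), FILTER_SANITIZE_URL);
echo "decode-first: ", $decodedFirst, "\n";

// 3. Split path and query while still encoded, let parse_str() decode each
//    parameter once, sanitize the values individually, then re-encode.
$path  = (string) parse_url($requestUri, PHP_URL_PATH);
$query = (string) parse_url($requestUri, PHP_URL_QUERY);
parse_str($query, $params);

$clean = array();
foreach ($params as $name => $value) {
    // Array-style parameters (q[]=...) are skipped in this example.
    if (is_string($value)) {
        $clean[$name] = filter_var($value, FILTER_SANITIZE_URL);
    }
}

$rebuilt = filter_var($path, FILTER_SANITIZE_URL)
    . ($clean ? '?' . http_build_query($clean) : '');
echo "per-param:    ", $rebuilt, "\n";

// The parameter names survive unchanged only in the per-parameter variant.
parse_str((string) parse_url($decodedFirst, PHP_URL_QUERY), $afterDecodeFirst);
print_r(array_keys($afterDecodeFirst));
print_r(array_keys($clean));
```

Run it from the command line with `php`; it reads no superglobals, so it behaves the same outside a web server.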

Source: https://habr.com/ru/post/1546140/

