When is filter_input () or filter_var () used?

Question

When is filter_input () or filter_var () used?

I traditionally use a function filter_var()to disinfect data $_GETand $_POST, such as:

 $foo =  filter_var($_GET['foo'], FILTER_SANITIZE_NUMBER_INT);

but PHP also has a function filter_input()that has a different syntax to do the same thing:

$foo = filter_input(INPUT_GET, 'foo', FILTER_SANITIZE_NUMBER_INT);

Are these synonyms? Is there an advantage to using one over the other?

I checked the man pages, but I don't see much difference (only if / as an error is reported). Semantically / best practice, what makes the most sense?

+4

php sanitization

Sablefoste Oct 26 '16 at 18:48

source share

1 answer

AbraCadaver · Accepted Answer · 2016-10-26T18:53:36+0000

One of the main differences is how they handle undefined variables / indexes. If $_GET['foo']does not exist:

$foo = filter_var($_GET['foo'], FILTER_SANITIZE_NUMBER_INT);

"" :

: undefined index: foo

, if(isset($_GET['foo'])).

:

$foo = filter_input(INPUT_GET, 'foo', FILTER_SANITIZE_NUMBER_INT);

NULL .

When is filter_input () or filter_var () used?

More articles: