The advantage of using filter_input is the ease of applying filters to your string. The same result can be obtained with the function filter_var, using the FILTER constants.
filter_input would do the same job as:
// Without filter_input
$email = filter_var($_GET['email'], FILTER_VALIDATE_EMAIL);
// Using filter_input
$email = filter_input(INPUT_GET, 'email', FILTER_VALIDATE_EMAIL);
The filter_* functions are little used by beginners, but they are quite useful. In the example above, for instance, PHP already validates whether the input is an email, without having to resort to monstrous regular expressions.
With a little creativity, using a cousin of the function filter_input, filter_input_array, we can validate our forms with very expressive and elegant code.
Example adapted from the documentation:
<?php
$data = array(
    'product_id' => 'libgd<script>',
    'component'  => '10',
    'versions'   => '2.0.33',
    'testscalar' => array('2', '23', '10', '12'),
    'testarray'  => '2',
);
$args = array(
    'product_id'   => FILTER_SANITIZE_ENCODED,
    'component'    => array(
        'filter'  => FILTER_VALIDATE_INT,
        'flags'   => FILTER_FORCE_ARRAY,
        'options' => array('min_range' => 1, 'max_range' => 10)
    ),
    'versions'     => FILTER_SANITIZE_ENCODED,
    'doesnotexist' => FILTER_VALIDATE_INT,
    'testscalar'   => array(
        'filter' => FILTER_VALIDATE_INT,
        'flags'  => FILTER_REQUIRE_SCALAR,
    ),
    'testarray'    => array(
        'filter' => FILTER_VALIDATE_INT,
        'flags'  => FILTER_FORCE_ARRAY,
    )
);
$myinputs = filter_var_array($data, $args);
var_dump($myinputs);
This results in the following array, already processed:
array(6) {
  ["product_id"]=>
  array(1) {
    [0]=>
    string(17) "libgd%3Cscript%3E"
  }
  ["component"]=>
  array(1) {
    [0]=>
    int(10)
  }
  ["versions"]=>
  array(1) {
    [0]=>
    string(6) "2.0.33"
  }
  ["doesnotexist"]=>
  NULL
  ["testscalar"]=>
  bool(false)
  ["testarray"]=>
  array(1) {
    [0]=>
    int(2)
  }
}
Obs: isset($_GET["pag"]) can cause a warning in PHP; you are trying to access an index that may not exist (set error_reporting(E_ALL) to see this warning, which is usually omitted). It is more correct to use if(array_key_exists("pag", $_GET)) and this function should debate with filter_input – Leonardo Bosquett
@Leonardobosquett, can you say in what situation a warning was triggered using isset? – Papa Charlie
@Leonardobosquett That’s not right, the function isset exists precisely to check whether there is an index pag in the array $_GET. Note the example in the documentation at: http://php.net/manual/en/function.isset.php – Zuul
@Zuul Correct, it is even an example in the PHP manual; there are scenarios (this also depends on the PHP configuration) in which these warnings are shown. Here is a case: http://stackoverflow.com/questions/6027455/help-with-undefined-index-and-undefined-variable – Leonardo Bosquett
@Leonardobosquett The errors Undefined index and Undefined variable are shown when we try to use an array entry or a variable that does not exist. With the isset function, this does not happen. The function simply checks whether it exists, and only if it exists will it check whether the value is null. You can go deeper into this in this answer on SOEN. In short, the function isset serves precisely to avoid the errors Undefined index and Undefined variable. – Zuul
NetBeans triggers a warning due to NetBeans platform usage policies. It doesn’t mean that this is true in PHP; it is merely due to the framework rules. Another example: Prestashop triggers a warning when you try to use mb_strlen, strlen or other string functions directly in the code. They ask you to use the internal libraries as a way to standardize code within the framework rules. – Daniel Omine
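An added example (not part of the original answer or comments) showing how the filter functions separate a missing key from an invalid value, which bears on both the form validation described in the answer and the isset / array_key_exists discussion in the comments. The $request array and the classify() helper are assumptions made for illustration; filter_var_array() stands in for filter_input_array(INPUT_GET, ...) so the snippet runs from the command line.

```php
<?php
declare(strict_types=1);

// Constructed sample standing in for $_GET; with a real request you would
// call filter_input_array(INPUT_GET, $spec) instead of filter_var_array().
$request = [
    'email' => 'alice@example.com',
    'pag'   => '0',       // valid integer that is falsy in PHP
    'qty'   => '12abc',   // present, but not an integer
    // 'token' is deliberately absent
];

$spec = [
    'email' => FILTER_VALIDATE_EMAIL,
    'pag'   => ['filter' => FILTER_VALIDATE_INT,
                'options' => ['min_range' => 0]],
    'qty'   => ['filter' => FILTER_VALIDATE_INT,
                'options' => ['min_range' => 1, 'max_range' => 10]],
    'token' => ['filter' => FILTER_VALIDATE_REGEXP,
                'options' => ['regexp' => '/^[a-f0-9]{32}$/']],
];

/**
 * Hypothetical helper: split filter results into accepted values and errors.
 *   null  => the key was not present in the input
 *   false => the key was present but failed validation
 */
function classify(array $filtered): array
{
    $ok = [];
    $errors = [];
    foreach ($filtered as $name => $value) {
        if ($value === null) {
            $errors[$name] = 'missing';
        } elseif ($value === false) {
            $errors[$name] = 'invalid';
        } else {
            // Strict comparison keeps int(0) here; a loose check such as
            // if (!$value) would reject the valid page number 0.
            $ok[$name] = $value;
        }
    }
    return [$ok, $errors];
}

[$ok, $errors] = classify(filter_var_array($request, $spec));
var_dump($ok, $errors);
```

Keys listed in $spec but absent from the input come back as null without any undefined-index notice, so no separate isset() or array_key_exists() check is needed before filtering.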