Error using filter_input in PHP

Viewed 140 times

1

Hello, folks. I have a form and I’m trying to process its data in the PHP file (I’m using AJAX to send it to the PHP file).

The query was performed normally before I put in the filter_input calls. However, after adding them, the query is no longer performed.

Can you point out the mistake I’m making in using the filters?

Image of the form below:


HTML code

<form id="formulario-consulta">
  <!-- SEARCH FORM -->

  <!-- top div with the dates -->

  <div class="col-sm-3 col-lg-2 form-group">
    <h5>Filtrar por atividade :</h5>
    <div class="radio">
      <select name="prioridade" id="prioridade" class="input-sm form-control">
        <option value="Todos" selected>TODOS</option>
        <option value="Comum">COMUM</option>
        <option value="Extra">EXTRA</option>
        <option value="Urgente">URGENTE</option>
      </select>
    </div>
  </div>

  <div class="col-sm-3 col-lg-2 form-group">
    <h5>Filtrar por data de:</h5>
    <div class="radio">
      <select name="data" id="data" class="input-sm form-control">
        <option value="inicio">INÍCIO</option>
        <option value="finalizacao">FINALIZAÇÃO</option>
        <option value="vencimento" selected>VENCIMENTO</option>
      </select>
    </div>

  </div>
  <div class="col-xs-12 col-sm-3 col-lg-2">
    <h5 class="col-sm-3  col-xs-12">De:</h5>
    <input type="date" name="dataInicial" id="dataInicial" class="col-xs-12 input-sm form-control ">
  </div>

  <div class="col-xs-12 col-sm-3 col-lg-2  form-group">
    <h5 class="col-sm-3 col-xs-12">Até:</h5>
    <input type="date" name="dataFinal" id="dataFinal" class="col-xs-12 input-sm form-control">
  </div>

  <div class="col-xs-12 col-sm-12  col-lg-12 "></div>
  <!-- divider -->


  <div class="col-sm-2 col-lg-1 ">
    <h5>Código</h5>
    <div class="radio">
      <select name="cod" id="cod" class="input-sm form-control">
        <option></option>
        <?php while ($linha_cod = mysqli_fetch_assoc($lista_cod)) { ?>
          <option id="<?php echo $linha_cod['EMPRESAS']; ?>" value="<?php echo $linha_cod['COD']; ?>">
            <?php echo $linha_cod['COD']; ?>
          </option>
        <?php } ?>
      </select>
    </div>
  </div>
  <div class=" col-sm-7 cols-sm-offset-0 col-lg-6">
    <div class="">
      <h5>Cliente</h5>
      <select name="empresas" id="empresas" class="input-sm form-control">
        <option></option>
        <?php while ($linha_empresas = mysqli_fetch_assoc($lista_empresas)) { ?>
          <option id="<?php echo $linha_empresas['COD']; ?>" value="<?php echo $linha_empresas['EMPRESAS']; ?>">
            <?php echo $linha_empresas['EMPRESAS']; ?>
          </option>
        <?php } ?>
      </select>
    </div>
  </div>

  <div class=" col-sm-3 col-lg-2">

    <h5>Tributação</h5>
    <select name="tributacao" id="tributacao" class="input-sm form-control">
      <option></option>
      <?php while ($linha_tributacao = mysqli_fetch_assoc($lista_tributacao)) { ?>
        <option value="<?php echo $linha_tributacao['TRIBUTACAO']; ?>">
          <?php echo $linha_tributacao['TRIBUTACAO']; ?>
        </option>
      <?php } ?>
    </select>

  </div>

  <div class="col-xs-12 col-sm-12  col-lg-12 "></div>
  <!-- divider -->

  <div class="col-sm-8 col-lg-6 ">
    <div class="">
      <h5>Atividade</h5>
      <select name="atividade" id="atividade" class="input-sm form-control">
        <option></option>
        <?php while ($linha_atividade = mysqli_fetch_assoc($lista_atividade)) { ?>
          <option value="<?php echo $linha_atividade['TIPO_ATIVIDADE']; ?>">
            <?php echo $linha_atividade['TIPO_ATIVIDADE']; ?>
          </option>
        <?php } ?>
      </select>
    </div>
  </div>

  <div class="col-sm-4 col-lg-2 form-group">
    <h5>Status</h5>
    <select name="status" id="status" class="input-sm form-control">
      <option></option>
      <?php while ($linha_status = mysqli_fetch_assoc($lista_status)) { ?>
        <option value="<?php echo $linha_status['STATUS']; ?>">
          <?php echo $linha_status['STATUS']; ?>
        </option>
      <?php } ?>
    </select>
  </div>

  <div class="form-group">
    <input type="hidden" name="botao-click-dashboard" id="botao-click-dashboard">
  </div>


  <div class="col-sm-12 col-lg-2 form-group">
    <h5>Pesquisar</h5>
    <input name="enviar" id="enviar" class="btn btn-sm btn-primary  btn-block  form-control" type="submit" value="Buscar">

  </div>

</form>

Filter code:

<?php

// FILL THE VARIABLES WITH THE DATA COMING FROM THE FORM FIELDS

filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING);

$pegaropcao = filter_input(INPUT_POST, 'prioridade', FILTER_SANITIZE_STRING);
$tipodedata = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
//$dataInicial = !empty($_POST["dataInicial"]) ? $_POST["dataInicial"] : null;
$dataInicial = !empty($_POST["dataInicial"]) ? filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING) : null;
//$dataFinal  = !empty($_POST["dataFinal"]) ? $_POST["dataFinal"] : null;
$dataFinal = !empty($_POST["dataFinal"]) ? filter_input(INPUT_POST, 'dataFinal', FILTER_SANITIZE_STRING) : null;
$cod = filter_input(INPUT_POST, 'cod', FILTER_SANITIZE_STRING);
//$empresas   = !empty($_POST["empresas"]) ? $_POST["empresas"] : "";
$empresas = !empty($_POST["empresas"]) ? filter_input(INPUT_POST, 'empresas', FILTER_SANITIZE_STRING) : "";
//$tributacao = !empty($_POST["tributacao"]) ? $_POST["tributacao"] : "";
$tributacao = !empty($_POST["tributacao"]) ? filter_input(INPUT_POST, 'tributacao', FILTER_SANITIZE_STRING) : "";
//$atividade  = !empty($_POST["atividade"]) ? $_POST["atividade"] : "";
$atividade = !empty($_POST["atividade"]) ? filter_input(INPUT_POST, 'atividade', FILTER_SANITIZE_STRING) : "";

$status = filter_input(INPUT_POST, 'status', FILTER_SANITIZE_STRING);
$condicao = filter_input(INPUT_POST, 'botao-click-dashboard', FILTER_SANITIZE_STRING);
if (is_string($_SESSION["nome"])) {
    $responsavel = $_SESSION["nome"];
} else {
    die("A SESSION[nome] não tem caracter String");
}
?>

  • Which error is being displayed?

  • The thing is that no error is being displayed in PHP. The error is displayed in the AJAX with the return data of the query. In other words, the AJAX is not receiving the return.

  • And no record appears in the DB either?

  • No. Now, as a test, I took out the filter_input and did it directly with $_POST, and it worked. So the error is in the use of the filters. I think I’ve done something wrong; I just can’t figure out what.

  • Why don’t you take the dates like this, for example: $dataInicial = DateTime::createFromFormat('d/m/Y', filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING)); Using the format of your system, it could be 'd-m-Y'. Do it for every kind of date, for all of them.

  • @Fabianomonteiro, but why would I do that? The way I was doing it was working. It only started to go wrong when I put the filters in. Assigning the value to the variable directly from $_POST was working.

  • @Thiagopetherson It was working the way it was before; now, when using the filters, treat the dates. Do the test! In the case I sent above, since you handle it there in a ternary operator, it would be: $dataInicial = !empty($_POST["dataInicial"]) ? DateTime::createFromFormat('d/m/Y', filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING)) : null;

  • Can a date be treated as a STRING normally?

  • @Thiagopetherson Yes! It holds both where you use the ternary and where you don’t. And apply it accordingly. It is also worth remembering how your date arrives in the POST: (00-00-0000) or (00/00/0000). And also, as a second step, evaluate the use of FILTER_VALIDATE_INT for what is not a string but an integer.

  • Fabiano, unfortunately it gave an error. The AJAX did not receive the return data of the query. I did it exactly the way you said and added the ternary conditions...

  • But looking at my code, is there something wrong with it?

  • @Thiagopetherson Take the filter_input out of the ternary condition:
    $dataInicial = filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING);
    $dataInicial = (!empty($_POST["dataInicial"])) ? $dataInicial : null;

  • @Thiagopetherson What is the purpose of filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING); on the first line? Also, post the HTML of the form.

  • @Fabianomonteiro, I was advised to use filters on all fields, including those that are populated dynamically. On the date field, I put it because I thought there would be no problem.

  • @Thiagopetherson I mean the first line, which has no variable receiving the result. What does it do there? Comment out that line, because it serves no purpose there. Did you test taking filter_input out of the ternary? Take filter_input out of the ternary condition, like this: $dataInicial = filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING); $dataInicial = (!empty($_POST["dataInicial"])) ? $dataInicial : null; When I say take it out, it is to do the treatment before using the ternary condition. Treat the variable first with filter_input and then use it in the ternary operator.


1 answer

1


There is a stray filter_input, serving no purpose, on the first line of your code.

What is the purpose of: filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING); It must be removed from the code.

Then take the filter_input out of the ternary condition. Do the treatment beforehand, so it ends up like this:

 $dataInicial = filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING);

 $dataInicial = (!empty($_POST["dataInicial"])) ? $dataInicial : null;

Then also check the fields that are numeric but are being treated as strings; see the available filters at: https://www.php.net/manual/en/filter.filters.sanitize.php

Besides the filters, you can also use the flags of each filter type:

The FILTER_SANITIZE_STRING filter removes tags and removes or encodes special characters from a string. Possible options and flags:

FILTER_FLAG_NO_ENCODE_QUOTES - Does not encode quotes

FILTER_FLAG_STRIP_LOW - Remove characters with ASCII value < 32

FILTER_FLAG_STRIP_HIGH - Remove characters with ASCII value > 127

FILTER_FLAG_ENCODE_LOW - Encodes characters with ASCII value < 32

FILTER_FLAG_ENCODE_HIGH - Encodes characters with ASCII value > 127

FILTER_FLAG_ENCODE_AMP - Encodes the character "&" as &amp;

Ex:

filter_var($str, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
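Going one step further than the answer, here is an added example (not code from the question or the answer) that validates each field against what the form above can actually send, using filter_var() validation filters and whitelists instead of FILTER_SANITIZE_STRING, and shows why the sanitize filter alters a value containing a quote. It assumes COD is an integer column (not stated on the page) and runs offline on a constructed $post array.

```php
<?php
// Added example, not code from the question or answer: validates the search form's
// fields with filter_var() against what the <form> above can actually send, rather
// than sanitizing them as free text. Runs offline on a constructed $post array.
const PRIORIDADES = ['Todos', 'Comum', 'Extra', 'Urgente'];   // <select name="prioridade">
const TIPOS_DATA  = ['inicio', 'finalizacao', 'vencimento'];  // <select name="data">

// Returns the validated fields, or throws on a value the form cannot produce.
function validarFormulario(array $post): array
{
    $enum = function (string $campo, array $permitidos) use ($post): string {
        $v = $post[$campo] ?? '';
        if (!in_array($v, $permitidos, true)) {
            throw new InvalidArgumentException("$campo: unexpected value");
        }
        return $v;
    };
    // <input type="date"> submits ISO dates (Y-m-d) or an empty string.
    $data = function (string $campo) use ($post): ?string {
        $v = $post[$campo] ?? '';
        if ($v === '') {
            return null;                            // same null the ternaries produce
        }
        $iso = filter_var($v, FILTER_VALIDATE_REGEXP,
            ['options' => ['regexp' => '/^\d{4}-\d{2}-\d{2}$/']]);
        $d = $iso === false ? false : DateTime::createFromFormat('!Y-m-d', $v);
        if ($d === false || $d->format('Y-m-d') !== $v) {  // also rejects 2020-02-30
            throw new InvalidArgumentException("$campo: invalid date");
        }
        return $v;
    };
    $cod = filter_var($post['cod'] ?? '', FILTER_VALIDATE_INT); // assumes COD is an integer
    return [
        'prioridade'  => $enum('prioridade', PRIORIDADES),
        'tipodedata'  => $enum('data', TIPOS_DATA),
        'dataInicial' => $data('dataInicial'),
        'dataFinal'   => $data('dataFinal'),
        'cod'         => $cod === false ? null : $cod,
        // Values copied from DB rows (empresas, tributacao, ...): keep them exactly
        // as sent and bind them as query parameters; never HTML-encode them first.
        'empresas'    => (string) ($post['empresas'] ?? ''),
    ];
}

// Why FILTER_SANITIZE_STRING (deprecated since PHP 8.1) can break the lookup: it
// HTML-encodes quotes (' becomes &#39;), so a name with an apostrophe no longer
// equals the value stored in the database.
$nome = "O'Neil & Cia";
var_dump(filter_var($nome, FILTER_SANITIZE_STRING));
print_r(validarFormulario(['prioridade' => 'Urgente', 'data' => 'vencimento',
    'dataInicial' => '2020-01-01', 'dataFinal' => '', 'cod' => '12', 'empresas' => $nome]));
```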
