What's the difference between using $_POST['field'] and filter_input(INPUT_POST, 'field')?

0

// Method 1
$campo = $_POST['campo'];

// Method 2
$campo2 = filter_input(INPUT_POST,'campo');

What is the best way to get data from the form?


1 answer

2

Essentially nothing different at all. If you use some filter specification in the function, then it can be different, because a filter will be used and some data will be cleaned according to the specification used. This can be seen in more detail in the documentation.

According to the documentation, the way you used it is as if you had specified FILTER_DEFAULT, which is equal to FILTER_UNSAFE_RAW. That is, in the end it filters absolutely nothing, if not used together with any flag.

Of course the internal process is a little different, but this is not relevant.

An important point is that many people may start to think that they should filter everything, but that is not always right; they need to have a reason and know what they are doing, because there is nothing worse than having a feeling of security without being safe. In many cases a filter is not necessary, because it is only descriptive data; in others it needs specific manual processing and there is nothing ready-made to deal with it. And there are cases where this validation and cleaning will happen in a different way, for example through correct use in a database query, which is where many websites suffer, as we see people posting here.

The best way is the one most suitable for the situation, and to know that you need the specific case and to master all aspects of programming. But the second, in the way it was used, clearly has no advantage over the first.
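The points made in the answer above, as an added example that is not part of the original post: with no filter argument the value comes back unchanged, a validation filter helps only when it matches what the field must be, and safety in a database query comes from a bound parameter. It uses filter_var() on constructed values because filter_input() only reads a live request; the `idade` field, the `pessoa` table and the in-memory SQLite database (pdo_sqlite extension) are assumptions.

```php
<?php
// Constructed sample of what a form might submit (not from the original page).
// filter_var() applies the same filters as filter_input(), so this runs from the CLI.
$post = [
    'campo' => "O'Reilly'); DROP TABLE pessoa; --",
    'idade' => '42abc',   // hypothetical numeric field
];

// No filter argument means FILTER_DEFAULT, which is FILTER_UNSAFE_RAW:
// the value is returned exactly as it was submitted.
var_dump(FILTER_DEFAULT === FILTER_UNSAFE_RAW);
var_dump(filter_var($post['campo']) === $post['campo']);

// A filter is useful when there is a reason for it. Here the field must be
// an integer from 0 to 130, and anything else is rejected rather than "cleaned".
function parse_age(string $raw): ?int
{
    $age = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 130],
    ]);
    return $age === false ? null : $age;
}

var_dump(parse_age('42'));
var_dump(parse_age($post['idade']));
var_dump(parse_age('999'));

// Descriptive text needs no filter at all. In the database query it is passed
// as a bound parameter, so it is stored as data and never parsed as SQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pessoa (nome TEXT)');   // hypothetical table

$stmt = $pdo->prepare('INSERT INTO pessoa (nome) VALUES (:nome)');
$stmt->execute([':nome' => $post['campo']]);

// The table still exists and holds the submitted string unchanged.
$stored = $pdo->query('SELECT nome FROM pessoa')->fetchColumn();
var_dump($stored === $post['campo']);
```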
