Error using filter_input in PHP

Question

Error using filter_input in PHP

Asked 5 years, 2 months ago

Viewed 140 times

1

Hello, folks. I have one and I’m trying to process its data in the php file. (I’m using AJAX to upload to the PHP file).

The query was normally performed before I put the filter_input. However, after putting them, the query is no longer performed.

You can point out a mistake I’m making in using filters.

Image of the form below:

HTML code

<form id="formulario-consulta">
  <!-- FORMULÁRIO DE PESQUISA -->

  <!--div superior com as datas-->

  <div class="col-sm-3 col-lg-2 form-group">
    <h5>Filtrar por atividade :</h5>
    <div class="radio">
      <select name="prioridade" id="prioridade" class="input-sm form-control">
        <option value="Todos" selected>TODOS</option>
        <option value="Comum">COMUM</option>
        <option value="Extra">EXTRA</option>
        <option value="Urgente">URGENTE</option>
      </select>
    </div>
  </div>

  <div class="col-sm-3 col-lg-2 form-group">
    <h5>Filtrar por data de:</h5>
    <div class="radio">
      <select name="data" id="data" class="input-sm form-control">
        <option value="inicio">INÍCIO</option>
        <option value="finalizacao">FINALIZAÇÃO</option>
        <option value="vencimento" selected>VENCIMENTO</option>
      </select>
    </div>

  </div>




  <div class="col-xs-12 col-sm-3 col-lg-2">
    <h5 class="col-sm-3  col-xs-12">De:</h5>
    <input type="date" name="dataInicial" id="dataInicial" class="col-xs-12 input-sm form-control ">
  </div>

  <div class="col-xs-12 col-sm-3 col-lg-2  form-group">
    <h5 class="col-sm-3 col-xs-12">Até:</h5>
    <input type="date" name="dataFinal" id="dataFinal" class="col-xs-12 input-sm form-control">
  </div>

  <div class="col-xs-12 col-sm-12  col-lg-12 "></div>
  <!--divisor-->


  <div class="col-sm-2 col-lg-1 ">
    <h5>Código</h5>
    <div class="radio">
      <select name="cod" id="cod" class="input-sm form-control">
        <option></option>
        <?php
										while($linha_cod = mysqli_fetch_assoc($lista_cod))
										{
									?>
          <option id="<?php echo $linha_cod['EMPRESAS'];?>" value="<?php echo $linha_cod[" COD "];?>">
            <?php echo $linha_cod["COD"]; ?>
          </option>
          <?php
										}
									?>
      </select>
    </div>
  </div>
  <div class=" col-sm-7 cols-sm-offset-0 col-lg-6">
    <div class="">
      <h5>Cliente</h5>
      <select name="empresas" id="empresas" class="input-sm form-control">
        <option></option>
        <?php
									while($linha_empresas = mysqli_fetch_assoc($lista_empresas))
									{
									?>
          <option id="<?php echo $linha_empresas['COD'];?>" value="<?php echo $linha_empresas[" EMPRESAS "];?>">
            <?php echo $linha_empresas["EMPRESAS"];?>
          </option>

          <?php
										}
									?>
      </select>
    </div>
  </div>

  <div class=" col-sm-3 col-lg-2">

    <h5>Tributação</h5>
    <select name="tributacao" id="tributacao" class="input-sm form-control">
      <option></option>
      <?php
									while($linha_tributacao = mysqli_fetch_assoc($lista_tributacao))
									{
								?>
        <option value="<?php echo $linha_tributacao[" TRIBUTACAO "];?>">
          <?php echo $linha_tributacao["TRIBUTACAO"];?>
        </option>

        <?php
									}
								?>
    </select>

  </div>

  <div class="col-xs-12 col-sm-12  col-lg-12 "></div>
  <!--divisor-->

  <div class="col-sm-8 col-lg-6 ">
    <div class="">
      <h5>Atividade</h5>
      <select name="atividade" id="atividade" class="input-sm form-control">
        <option></option>
        <?php
										while($linha_atividade = mysqli_fetch_assoc($lista_atividade))
										{
									?>
          <option value="<?php echo $linha_atividade[" TIPO_ATIVIDADE "];?>">
            <?php echo $linha_atividade["TIPO_ATIVIDADE"]; ?>
          </option>

          <?php
										}
									?>
      </select>
    </div>
  </div>

  <div class="col-sm-4 col-lg-2 form-group">
    <h5>Status</h5>
    <select name="status" id="status" class="input-sm form-control">
      <option></option>
      <?php
										while($linha_status = mysqli_fetch_assoc($lista_status))
										{
									?>
        <option value="<?php echo $linha_status[" STATUS "];?>">
          <?php echo $linha_status["STATUS"]; ?>
        </option>

        <?php
										}
									?>
    </select>
  </div>

  <div class="form-group">
    <input type="hidden" name="botao-click-dashboard" id="botao-click-dashboard">
  </div>


  <div class="col-sm-12 col-lg-2 form-group">
    <h5>Pesquisar</h5>
    <input name="enviar" id="enviar" class="btn btn-sm btn-primary  btn-block  form-control" type="submit" value="Buscar">

  </div>

</form>

Filter code:

<?php


						
//PREENCHE AS VARIÁVEIS COM OS DADOS VINDOS DOS CAMPOS DO FORMULÁRIO

filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING);

$pegaropcao   = filter_input(INPUT_POST, 'prioridade', FILTER_SANITIZE_STRING); 
$tipodedata = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
//$dataInicial = !empty($_POST["dataInicial"]) ? $_POST["dataInicial"] : null;
$dataInicial = !empty($_POST["dataInicial"]) ? filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING) : null;
//$dataFinal  = !empty($_POST["dataFinal"]) ? $_POST["dataFinal"] : null;
$dataFinal = !empty($_POST["dataFinal"]) ? filter_input(INPUT_POST, 'dataFinal', FILTER_SANITIZE_STRING) : null;
$cod = filter_input(INPUT_POST, 'cod', FILTER_SANITIZE_STRING);
//$empresas   = !empty($_POST["empresas"]) ? $_POST["empresas"] : "";
$empresas   = !empty($_POST["empresas"]) ? filter_input(INPUT_POST, 'empresas', FILTER_SANITIZE_STRING) : "";
//$tributacao = !empty($_POST["tributacao"]) ? $_POST["tributacao"] : "";
$tributacao = !empty($_POST["tributacao"]) ? filter_input(INPUT_POST, 'tributacao', FILTER_SANITIZE_STRING) : "";
//$atividade  = !empty($_POST["atividade"]) ? $_POST["atividade"] : "";
$atividade = !empty($_POST["atividade"]) ? filter_input(INPUT_POST, 'atividade', FILTER_SANITIZE_STRING) : "";	
				
$status = filter_input(INPUT_POST, 'status', FILTER_SANITIZE_STRING); 
$condicao = filter_input(INPUT_POST, 'botao-click-dashboard', FILTER_SANITIZE_STRING);
if(is_string($_SESSION["nome"])){
	$responsavel = $_SESSION["nome"];
}else{
	die("A SESSION[nome] não tem caracter String");
	exit;			
}
?>

which error is being displayed?

– Wees Smith

2019/04/20 at 17:02
The tense is that no error is being displayed in PHP. Error is being displayed in AJAX with the return data of the query. Are you saying that AJAX is not receiving feedback.

– Gato de Schrödinger

2019/04/20 at 17:06
and no record appears in db tbm?

– Wees Smith

2019/04/20 at 17:08
No. Now as a test, I took the filter_input and did it directly with $_POST and it worked. The error then is in using the filters. I think I’ve done something wrong. I just can’t figure out what.

– Gato de Schrödinger

2019/04/20 at 17:11
Because you don’t take the dates as follows, for example.: $dataInicial = DateTime::createFromFormat('d/m/Y', filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING)); Using the format of your system, it could be 'd-m-Y'. Do it in all kind of date, for everyone.

– Fabiano Monteiro

2019/04/20 at 17:11
@Fabianomonteiro, but why would I do it ? The way I was doing was working. It started to go wrong only when I put the filters in. Adding value to the variable, directly from $_POST, was working.

– Gato de Schrödinger

2019/04/20 at 17:14
@Thiagopetherson It was working the way it was before, now, when using the filters, treat the dates. Do the test! In the case I sent above, as you treat there nnum ternary operator, it would be: $dataInicial = !empty($_POST["dataInicial"]) ? DateTime::createFromFormat('d/m/Y', filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING)) : null;

– Fabiano Monteiro

2019/04/20 at 17:17
Date can be treated as STRING normally ?

– Gato de Schrödinger

2019/04/20 at 17:20
@Thiagopetherson yes! binds where uses ternary and where does not use. And applies accordingly. It is also worth remembering how your date is caught in the POST (00-00-0000), or (00/00/0000). And also, in a second part, evaluate the use of FILTER_VALIDATE_INT for what is not string, but integer

– Fabiano Monteiro

2019/04/20 at 17:20
Fabiano, unfortunately gave error. AJAX did not receive feedback data of the query. I did exactly the way you said and added the ternary conditions...

– Gato de Schrödinger

2019/04/20 at 17:26
But looking at my code, there’s something wrong with it ?

– Gato de Schrödinger

2019/04/20 at 17:27
@Thiagopetherson Take out the filter_input of the ternary condition: $dataInicial = filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING);
$dataInicial = (!empty($_POST["dataInicial"])) ? $dataInicial: null;

– Fabiano Monteiro

2019/04/20 at 17:34
@Thiagopetherson What is the purpose of filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING); in the first line? Another, put the html of the form.

– Fabiano Monteiro

2019/04/20 at 17:43
@Fabianomonteiro, I was recommended to use filters in all fields. Including those that are dynamically populated. In the field date, I put it because I thought there would be no problem.

– Gato de Schrödinger

2019/04/20 at 17:53
@Thiagopetherson I say the first line, which has no variable receiving. What does he do there? Comment on that line, because it doesn’t have a goal there. Did you test taking filter_input from the ternary? Take filter_input from ternary condition, do so: $dataInicial = filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING); $dataInicial = (!empty($_POST["dataInicial"])) ? $dataInicial: null; When I say take it off, it’s to do the treatment before using the ternary condition. Treat the variable first with filter_input and then use it on the ternary operator.

– Fabiano Monteiro

2019/04/20 at 17:55
Let’s go continue this discussion in chat.

– Fabiano Monteiro

2019/04/20 at 18:03

Show 11 more comments

1 answer

Browser other questions tagged php html ajax

You are not signed in. Login or sign up in order to post.

by Fabiano Monteiro • **1,192** points · Answer 1 · 2019-04-20T18:43:47+00:00

There is a filter_input loose, aimless in the first line of your code.

What is the purpose of: filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING); It must be removed from the code.

Then take out the filter_input that is within the ternary condition. Do the treatment before, getting like this:

 $dataInicial = filter_input(INPUT_POST, 'dataInicial', FILTER_SANITIZE_STRING);

 $dataInicial = (!empty($_POST["dataInicial"])) ? $dataInicial : null;

Then also check the fields that are numeric and are being treated as string, see some filters in: https://www.php.net/manual/en/filter.filters.sanitize.php

Apart from the filters, you can eutilize the flags of each type of filter:

The FILTER_SANITIZE_STRING filter removes tags and removes or encodes special characters from a string. Possible options and flags:

FILTER_FLAG_NO_ENCODE_QUOTES - Does not encode quotes

FILTER_FLAG_STRIP_LOW - Remove characters with ASCII value < 32

FILTER_FLAG_STRIP_HIGH - Remove characters with ASCII value > 127

FILTER_FLAG_ENCODE_LOW - Encodes characters with ASCII value < 32

FILTER_FLAG_ENCODE_HIGH - Encodes characters with ASCII value > 127

FILTER_FLAG_ENCODE_AMP - Encode the character "&" for &

Ex:

filter_var($str, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);