PHPDeveloper.org: php|architect: Never Use $_GET Again

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

PHPMaster.com: Zend Job Queue

Rob Diana's Blog: Web And Scripting Programming Language Job Trends - August 2011

Job Posting: Options Consulting Solutions Seeks PHP Developer Team Lead (Toronto, Canada)

Job Posting: FireScope Seeks Experienced Web Application Developer/Manager (Dallas, TX)

Kevin Schroeder's Blog: Added (PHP 5.3) job queuing to my WordPress instance

Job Posting: Jacob Group (Recruiter) Seeks Director of Software Development (Lacrosse, WI)

Job Posting: Skillshare Seeks Senior Frontend Engineer (New York, NY)

Job Posting: SoftLayer Seeks Software Engineer - Interface Development (Dallas, Tx)

Job Posting: Company Confidential Seeks Senior PHP Developer (Montreal, Quebec, Canada)

Job Posting: SoftLayer Seeks Software Engineer - Systems Development (Dallas, Tx)

News Archive

Leaseweb Labs Blog: Migration to Symfony2 continued

SitePoint.com: How to Create Your Own Random Number Generator in PHP

Refulz.com: The __toString() Method - Objects as Strings

PHPMaster.com: Using Traits in PHP 5.4

Site News: Blast from the Past - One Year Ago in PHP

Ibuildings techPortal: DPC Radio: Implementing OAuth

Artur Ejsmont's Blog: A few words on bugs and software quality

Developer Drive: Building a PHP Ad Tracker: Data Object Design and Coding

Refulz.com: CakePHP evolves to 2.0

Ed Finkler's Blog: The MicroPHP Follow-up FAQ

php|architect:
Never Use $_GET Again

by Chris Cornutt July 09, 2010 @ 09:15:48

In this new post to the php|architect blog Matt Butcher offers a security tip for all PHP developers out there - never use $_GET again.

You don't need to use $_GET or $_POST anymore. In fact, you probably shouldn't use $_GET and $_POST anymore. Since PHP 5.2, there is a new and better way to safely retrieve user-submitted data. [...] Rather than accessing the $_GET and $_POST superglobals directly, you can make use of PHP functions like filter_input() and filter_input_array().

He gives a code example of it in use and talks about the two things these functions do to help keep you safe - validate the data for correct match on criteria and sanitizing the value to ensure the return value is only what's requested. You can find more about these filter functions in the Filters section of the PHP manual.

1 comment voice your opinion now!
filter superglobal get security

Community Events

Don't see your event here?
Let us know!

All content copyright, 2012 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework