PHPDeveloper.org: php|architect: Never Use $_GET Again

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Kevin Schroeder's Blog: How to (properly) evaluate Zend Server - Introduction

Job Posting: Oakley Seeks Web Software Engineer (Foothill Ranch, CA)

Job Posting: Etouches.com Seeks Web Developer (Reading, UK or Ridgefield, CT)

Job Posting: Broadcast Interactive Media Seeks PHP Developer (Madison, WI)

Job Posting: Return Path, Inc. Seeks PHP Web Developer (Broomfield, CO)

Job Posting: HypedSound Seeks Co-Founder/Lead Developer (Virtual, NYC)

Job Posting: deviantART Seeks Web Application Developers (Telecommute)

Job Posting: TheChange.com Seeks Lead Web Developer - PHP (Vancouver, BC)

Job Posting: DunnWell, LLC Seeks OO PHP/Software Developer (Durham, NC)

Kore Nordmann's Blog: Native parallel PHP job queue

News Archive

Gonzalo Ayuso's Blog: Using Monkey Patching to store files in CouchDb using the standard filesystem

Kevin Schroeder's Blog: You want to do WHAT with PHP? Chapter 4

TechTatva.com: [How To] Setup Cherokee with PHP5 FPM

Zend Developer Zone: Zend Framework is a BOSSie Award Winner

ThinkPHP Blog: Contributing to Zend Framework

Developer.com: Getting Started with Memcached Distributed Memory Caching

AjaxRay.com: Extending Zend Form Element to create customized Phone number field

Site News: Blast from the Past - One Year Ago in PHP

Gonzalo Ayuso's Blog: Using CouchDb as filesystem with PHP

Web Builder Zone: The different kinds of testing

php|architect:
Never Use $_GET Again

by Chris Cornutt July 09, 2010 @ 09:15:48

In this new post to the php|architect blog Matt Butcher offers a security tip for all PHP developers out there - never use $_GET again.

You don't need to use $_GET or $_POST anymore. In fact, you probably shouldn't use $_GET and $_POST anymore. Since PHP 5.2, there is a new and better way to safely retrieve user-submitted data. [...] Rather than accessing the $_GET and $_POST superglobals directly, you can make use of PHP functions like filter_input() and filter_input_array().

He gives a code example of it in use and talks about the two things these functions do to help keep you safe - validate the data for correct match on criteria and sanitizing the value to ensure the return value is only what's requested. You can find more about these filter functions in the Filters section of the PHP manual.

1 comment voice your opinion now!
filter superglobal get security

by erer - 07.12.2010 @ 07:40:31

is this spam? let us know!

Similar Posts

Dhiraj Patra's Blog: Writing Scalable Applications with PHP

Secunia.com: PHP "glob()" Code Execution Vulnerability

Stoyan Stefanov's Blog: Simultaneous HTTP requests in PHP with cURL

Sean Coates\' Blog: Security and...Driving? (and Hiring)

Justin Siltervon\'s Blog: 5 Reasons not to use OSCommerce

Community Events

phpnw10 PHP Conference 09/10/2010

Don't see your event here?
Let us know!

All content copyright, 2010 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework