[英]filter_input with invalid filter
I just came across this snippet in our code base: 我刚刚在我们的代码库中遇到了以下片段:
$token = filter_input(INPUT_GET, 'token', FILTER_VALIDATE_STRING);
if ($token === false || $token === null) {
die('invalid token');
}
FILTER_VALIDATE_STRING
is not a valid filter type. FILTER_VALIDATE_STRING
不是有效的过滤器类型。 Does that mean it would just revert to FILTER_DEFAULT
, as an unrecognized filter has been passed in? 这是否意味着由于
FILTER_DEFAULT
了无法识别的过滤器而将其恢复为FILTER_DEFAULT
?
You'll get a warning that an undefined constant is being used, and PHP will go ahead and turn it into a string literal. 您将收到一条警告,指出正在使用未定义的常量,PHP会继续将其转换为字符串文字。 The best thing to do is use a constant that is defined in the documentation .
最好的办法是使用文档中定义的常量。
All GET and POST vars are strings, and as you have noted FILTER_VALIDATE_STRING
is not a defined constant. 所有GET和POST变量都是字符串,并且您已经注意到
FILTER_VALIDATE_STRING
不是定义的常量。 If you enable error reporting you will see: 如果启用错误报告,您将看到:
Notice: Use of undefined constant FILTER_VALIDATE_STRING - assumed 'FILTER_VALIDATE_STRING'
注意:使用未定义的常量FILTER_VALIDATE_STRING-假定为'FILTER_VALIDATE_STRING'
Warning: filter_input() expects parameter 3 to be long, string given
警告:filter_input()期望参数3长,并给出字符串
So filter_input()
will return NULL
just like any other function that is not passed required arguments. 因此
filter_input()
将返回NULL
,就像未传递必需参数的任何其他函数一样。
This is assuming that whoever wrote this did not also define FILTER_VALIDATE_STRING
. 假设撰写此内容的人也未定义
FILTER_VALIDATE_STRING
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.