简体繁体 English

输入数据验证时filter_var和filter_input之间的差异

[英]Difference between filter_var and filter_input on input data validation

原文 2016-07-14 12:17:17 4 2 php/ performance/ validation/ filter-var/ filter-input

What's the difference between using one of these two functions when validating user input? 在验证用户输入时使用这两个函数之一有什么区别？ Strictly regarding the function calls, there's no requirement to change the $_POST array for instance. 严格来说，关于函数调用，不需要更改$ _POST数组。

$result = filter_var($_POST['user_input'], FILTER_VALIDATE_INT); $ result = filter_var（$ _ POST ['user_input']，FILTER_VALIDATE_INT）;

vs VS

$result = filter_input(INPUT_POST, 'user_input', FILTER_VALIDATE_INT); $ result = filter_input（INPUT_POST，'user_input'，FILTER_VALIDATE_INT）;

Or there's no difference between the two calls above, not even performance wise, but rather just a matter of preference? 或者上述两个电话之间没有区别，甚至表现不明智，而只是一个偏好问题？

PS: I know there's a similar question on SO - Differences between filter_var and filter_input - but that just states how the 2 methods should be called, not what's the actual difference. PS：我知道在SO上有一个类似的问题 - filter_var和filter_input之间的差异 - 但这只是说明应该如何调用2个方法，而不是实际的差异。

2 个解决方案

From what i read on php.net, 从我在php.net上看到的，

The filter_var will simply work for any variable in your code, whenever you use it, it will check the value at that moment. filter_var将仅适用于代码中的任何变量，无论何时使用它，它都会检查当时的值。

The filter_input value will check the original values of your input, meaning that if you change $_POST['something'] , the filter_input(INPUT-POST, "something", FILTER) will perform a check on the value it had before you altered it. filter_input值将检查输入的原始值 ，这意味着如果更改$_POST['something'] ， filter_input(INPUT-POST, "something", FILTER)将对您更改之前的值进行检查它。 It also doesn't seem to trigger a E_NOTICE on execution when the value is not set. 当未设置值时，它似乎也不会在执行时触发E_NOTICE 。