Is there some equivalent of filter_input
I can use with $_SESSION
as I would with $_POST
?
When I tried it gives the error :
Warning: filter_input(): INPUT_SESSION is not yet implemented
session_start();
$x=filter_input(INPUT_SESSION, 'x');
if ($x){
echo $x;
}
php version: PHP Version 5.5.12-1+deb.sury.org~precise+1
I have the same problem like you. Maybe we are so rigorous but I solved the problem without compromising any security/filter.
I used filter_var
instead of filter_input
.
an example is like this:
session_start();
$_SESSION['baba'] = "co";
$ses = filter_var($_SESSION['baba']);
if (!empty($ses)) {
echo $ses;
}
Seems like $_SESSION doesnt work the same that $_SERVER. After many combinations i had a similar issue. I'll leave some of my code after fixing so you can see the difference:
Here is the original code with warnings due to direct access to these variables
if ( (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) ||
($_SESSION['REMOTE_ADDR'] != $_SERVER['REMOTE_ADDR']) ||
(!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) ||
($_SESSION['HTTP_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT'])
) {
header("Location: ../login.php");
}
Below is the code after including filters and cleared warnings
if ( (!isset($_SESSION['loggedin']) || (filter_var($_SESSION['loggedin']) == false)) ||
(filter_var($_SESSION['REMOTE_ADDR']) != filter_input(INPUT_SERVER,'REMOTE_ADDR')) ||
(!isset($_SESSION['loggedin']) || (filter_var($_SESSION['loggedin']) == false)) ||
(filter_var($_SESSION['HTTP_USER_AGENT']) != filter_input(INPUT_SERVER,'HTTP_USER_AGENT') )
) {
header("Location: ../login.php");
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.