I just came across this snippet in our code base:
$token = filter_input(INPUT_GET, 'token', FILTER_VALIDATE_STRING);
if ($token === false || $token === null) {
die('invalid token');
}
FILTER_VALIDATE_STRING
is not a valid filter type. Does that mean it would just revert to FILTER_DEFAULT
, as an unrecognized filter has been passed in?
You'll get a warning that an undefined constant is being used, and PHP will go ahead and turn it into a string literal. The best thing to do is use a constant that is defined in the documentation .
All GET and POST vars are strings, and as you have noted FILTER_VALIDATE_STRING
is not a defined constant. If you enable error reporting you will see:
Notice: Use of undefined constant FILTER_VALIDATE_STRING - assumed 'FILTER_VALIDATE_STRING'
Warning: filter_input() expects parameter 3 to be long, string given
So filter_input()
will return NULL
just like any other function that is not passed required arguments.
This is assuming that whoever wrote this did not also define FILTER_VALIDATE_STRING
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.