filter_input with invalid filter
Question
I just came across this snippet in our code base:
$token = filter_input(INPUT_GET, 'token', FILTER_VALIDATE_STRING);
if ($token === false || $token === null) {
die('invalid token');
}
FILTER_VALIDATE_STRING is not a valid filter type. Does that mean it would just revert to FILTER_DEFAULT , as an unrecognized filter has been passed in?
2 answers
solution1
1 2016-06-20 21:05:42
You'll get a warning that an undefined constant is being used, and PHP will go ahead and turn it into a string literal. The best thing to do is use a constant that is defined in the documentation .
solution2
1 ACCPTED 2016-06-20 21:09:28
All GET and POST vars are strings, and as you have noted FILTER_VALIDATE_STRING is not a defined constant. If you enable error reporting you will see:
Notice: Use of undefined constant FILTER_VALIDATE_STRING - assumed 'FILTER_VALIDATE_STRING'
Warning: filter_input() expects parameter 3 to be long, string given
So filter_input() will return NULL just like any other function that is not passed required arguments.
This is assuming that whoever wrote this did not also define FILTER_VALIDATE_STRING .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.