compsci

Reputation: 65

PHP: How to handle $_POST data

I'm getting a warning in NetBeans when using this code. Could someone post code that won't show any warning in NetBeans and achieves what I want? Does my code contain a security flaw?


The warning I'm getting says "Never directly access Superglobal $_POST. Use some filtering function instead."


<?php
// test whether the required POST fields are set
if (
    isset($_POST['num']) &&
    isset($_POST['desc'])
) {
    // the cast belongs on the right-hand side: "(double) $num = ..." casts the
    // result of the assignment expression, not the value stored in $num
    $num = (double) filter_var($_POST['num'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
    $desc = $_POST['desc']; // taken as-is, no filtering applied

    // do stuff after with these vars such as: mysqli queries; equations with ! === || &&.
}
?>

Upvotes: 3

Views: 264

Answers (2)

Marcio Mazzucato

Reputation: 9285

Try to use this:

<?php

// filter_input() reads the POST field without touching $_POST directly,
// which is what the NetBeans hint asks for
if (filter_input(INPUT_POST, 'num') && filter_input(INPUT_POST, 'desc')) {
    // cast on the right-hand side so $num itself holds the float
    $num = (double) filter_input(INPUT_POST, 'num', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);

    $desc = filter_input(INPUT_POST, 'desc'); // default filter, string returned unchanged

    // do stuff after with these vars such as: mysqli queries; equations with ! === || &&.
}

Upvotes: 1
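The answer above silences the hint but still only sanitises `num` and leaves `desc` untouched before it reaches the mysqli queries the question mentions. As an added example (not code from the question or either answer), the block below validates both fields with PHP's filter extension, rejecting bad input instead of stripping characters, and writes them with a prepared statement so the description is never spliced into SQL text. The table and column names, the connection credentials and the 255-character limit are assumed placeholders.

```php
<?php
declare(strict_types=1);

// Added example, not code from the question or the answers.
// Table, column names and mysqli credentials below are placeholders.

/**
 * Validate the two fields the question reads from POST.
 * Returns ['num' => float, 'desc' => string], or null when either field is
 * missing or invalid. FILTER_VALIDATE_FLOAT rejects "12abc" outright, whereas
 * FILTER_SANITIZE_NUMBER_FLOAT would silently turn it into 12.
 */
function validate_item(array $post): ?array
{
    $spec = [
        'num'  => ['filter' => FILTER_VALIDATE_FLOAT],
        'desc' => ['filter' => FILTER_UNSAFE_RAW],   // keep the text as-is; checked below
    ];
    $in = filter_var_array($post, $spec);

    // missing key -> null, non-numeric or array value -> false
    if (!isset($in['num']) || $in['num'] === false || !is_finite($in['num'])) {
        return null;
    }
    // desc[]=x (an array) also comes back as false, so require a string
    if (!is_string($in['desc'])) {
        return null;
    }
    $desc = trim($in['desc']);
    if ($desc === '' || mb_strlen($desc) > 255) {   // assumed length limit
        return null;
    }
    return ['num' => $in['num'], 'desc' => $desc];
}

/** Insert with a prepared statement: values are bound, never concatenated into SQL. */
function store_item(mysqli $db, array $item): bool
{
    $stmt = $db->prepare('INSERT INTO items (num, description) VALUES (?, ?)');  // placeholder table
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ds', $item['num'], $item['desc']);  // d = double, s = string
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs so the validation runs offline, without a web server or database.
    var_dump(validate_item(['num' => '3.25', 'desc' => ' widget ']));   // case: well-formed input
    var_dump(validate_item(['num' => '12abc', 'desc' => 'widget']));    // case: num contains letters
    var_dump(validate_item(['num' => '1', 'desc' => ['x']]));           // case: desc sent as an array
    var_dump(validate_item(['desc' => 'widget']));                      // case: num missing
} else {
    // Web request: filter_input_array() reads POST without accessing $_POST directly.
    $raw  = filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW);
    $item = validate_item(is_array($raw) ? $raw : []);
    if ($item === null) {
        http_response_code(400);
        exit('num and desc are required');
    }
    $db = new mysqli('localhost', 'dbuser', 'dbpass', 'dbname');  // placeholder credentials
    store_item($db, $item);
    // If $item['desc'] is echoed back into HTML, escape it at output time:
    // htmlspecialchars($item['desc'], ENT_QUOTES, 'UTF-8')
}
```

The split matters: validation decides whether the request is acceptable at all, the prepared statement handles the SQL context, and escaping is left to the point where the value is rendered, since no single filter is correct for every place a string ends up.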

jeroen

Reputation: 91734

I wouldn't worry too much about that warning, even the line where you actually use a filter function (although a different one than NetBeans suggests...) generates that same message.

These are hints that should make you think about what you are doing and they can be very useful.

However, if you don't want to see them, you can go to:

Tools > Options > Editor > Hints

And turn specific warnings off individually.

Upvotes: 0
