Reputation: 414
What's the difference between using one of these two functions when validating user input? Strictly regarding the function calls, there's no requirement to change the $_POST array for instance.
$result = filter_var($_POST['user_input'], FILTER_VALIDATE_INT);
vs
$result = filter_input(INPUT_POST, 'user_input', FILTER_VALIDATE_INT);
Or is there no difference between the two calls above, not even performance-wise, but rather just a matter of preference?
PS: I know there's a similar question on SO - Differences between filter_var and filter_input - but that just states how the 2 methods should be called, not what's the actual difference.
Upvotes: 4
Views: 2179
Reputation: 564
From what I read on php.net:
The filter_var will simply work for any variable in your code; whenever you use it, it will check the value at that moment.
The filter_input value will check the original values of your input, meaning that if you change $_POST['something'], the filter_input(INPUT_POST, "something", FILTER) will perform a check on the value it had before you altered it.
It also doesn't seem to trigger an E_NOTICE on execution when the value is not set.
Reference post on php.net
Upvotes: 4
Reputation: 522402
If the request body does not contain the parameter user_input at all, $_POST['user_input'] will trigger a notice, filter_input(INPUT_POST, 'user_input', ..) won't.
Upvotes: 0
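The two behaviours described in the answers above (filter_input reading the original request value, and staying silent for a missing field), as an added example that is not part of the original question or answers. The helper name read_post_int, the file name demo.php and the field absent_field are hypothetical; the script assumes it is served over HTTP, because under the CLI there is no POST data for filter_input to read.

```php
<?php
// Added example (not from the original answers). Serve it with PHP's
// built-in web server and send a POST request, for instance:
//   php -S 127.0.0.1:8000 demo.php
//   curl -d 'user_input=42' http://127.0.0.1:8000/
declare(strict_types=1);

/**
 * Hypothetical helper: classify an integer POST field with filter_input().
 * filter_input() returns null when the field is absent and false when the
 * filter rejects the value, so both cases can be told apart without reading
 * $_POST and without the diagnostic an unset $_POST key raises.
 */
function read_post_int(string $name): array
{
    $value = filter_input(INPUT_POST, $name, FILTER_VALIDATE_INT);
    if ($value === null) {
        return ['status' => 'missing', 'value' => null];
    }
    if ($value === false) {
        return ['status' => 'invalid', 'value' => null];
    }
    return ['status' => 'ok', 'value' => $value];
}

header('Content-Type: text/plain');

// 1. Validate what the client actually sent.
$fromRequest = read_post_int('user_input');

// 2. Simulate application code overwriting the superglobal afterwards.
$_POST['user_input'] = 'not-a-number';

// filter_var() validates the current (modified) array element...
$fromArray = filter_var($_POST['user_input'] ?? null, FILTER_VALIDATE_INT);

// ...while filter_input() still reads the value from the original request.
$fromRequestAgain = read_post_int('user_input');

var_dump($fromRequest, $fromArray, $fromRequestAgain);

// 3. A field the client never sent is reported as 'missing'.
var_dump(read_post_int('absent_field'));
```

The practical consequence for validation code: a value checked with filter_input and a value later read from $_POST are only the same value if nothing has written to $_POST in between, so use the validated return value rather than going back to the superglobal.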