Reputation: 20342
PHP - filter_input() expects parameter 3 to be long, string given
I am developing a PHP site for someone, it works perfectly fine locally on my own webserver. I pushed it to the remote host and now I get:
Warning: filter_input() expects parameter 3 to be long, string given
at this code:
<script type="text/javascript">
<?php
$page = filter_input(INPUT_GET, 'page', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if (isset($page)) {
echo "var page = '$page';";
} else {
echo "var page = 'home.html';";
}
?>
</script>
This happens with the code if the page loads:
<script type="text/javascript">
<br />
<b>Warning</b>: filter_input() expects parameter 3 to be long, string given in <b>/home/kraeuterelfe-de/htdocs/neueSeite/index.php</b> on line <b>68</b><br />
var page = 'home.html'; </script>
<script src="js/main.js"></script>
I don't know why it throws this error, since FILTER_SANITIZE_FULL_SPECIAL_CHARS is not a string.
My local webserver runs PHP 7.1.1 while the remote webserver runs 5.2.6
Upvotes: 1
Views: 1336
Answers (2)
Reputation: 96417
I don't know why it throws this error, since FILTER_SANITIZE_FULL_SPECIAL_CHARS is not a string.
My local webserver runs PHP 7.1.1 while the remote webserver runs 5.2.6
According to this comment, http://php.net/manual/en/filter.filters.sanitize.php#111398, FILTER_SANITIZE_FULL_SPECIAL_CHARS was added with PHP version 5.3.3.
The function expects a long value as second parameter, but the constant FILTER_SANITIZE_FULL_SPECIAL_CHARS does not exist yet when you run this code under PHP 5.2.6, so PHP does what it always does when it encounters an undefined constant - it assumes you actually meant it to be a string/text literal containing the constant name as text. (You should also have gotten a "Notice: Use of undefined constant FILTER_SANITIZE_FULL_SPECIAL_CHARS - assumed 'FILTER_SANITIZE_FULL_SPECIAL_CHARS' in [...]", at least if you have PHP configured to display notices as well.)
That's the explanation for the specific error message,
filter_input() expects parameter 3 to be long, string given
As you mentioned in your own answer, you found a workaround/alternate solution already, so I'm adding this for explanation only.
You might want to specify the charset as well with htmlspecialchars though, because http://php.net/manual/en/function.htmlspecialchars.php:
PHP 5.4 and 5.5 will use UTF-8 as the default. Earlier versions of PHP use ISO-8859-1.
So under 5.2.6, you might want to specify UTF-8, assuming your app/site uses that; otherwise that can have some security implications.
Upvotes: 2
Reputation: 20342
I found the following info on php.net:
FILTER_SANITIZE_FULL_SPECIAL_CHARS -> Equivalent to calling htmlspecialchars() with ENT_QUOTES set.
So I changed
$page = filter_input(INPUT_GET, 'page', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
to
$page = htmlspecialchars($_GET['page'], ENT_QUOTES);
Now it works again.
Upvotes: 0
Related Questions
- filter_input with invalid filter
- PHP filter_require_array is failing
- How do I use filter_input to get parameter array?
- Warning: filter_var() expects parameter 2 to be long, string given in
- php - filter_var() expects 3 arguments max
- Give filter_var() filter by passing a variable PHP (filter_var() expects parameter 2 to be long, string given)
- PHP filter_input not working
- PHP expected exactly 3 parameters, ignore the additional ones to remove the warning?
- PHP Filter Failing
- Why is filter_input() incomplete?