filter-input | 易学教程

PHP Error- filter_input() expects parameter 3 to be integer, string given [duplicate]

阅读更多关于 PHP Error- filter_input() expects parameter 3 to be integer, string given [duplicate]

问题 This question already has answers here : Reference - What does this error mean in PHP? (36 answers) Closed 3 years ago . I'm trying to create a form that stores details to a database, however, when I try to sanatize/validate the inputs I keep getting the following error filter_input() expects parameter 3 to be integer, string given My code is as follows, any help on how to sort this would be great! $customer->EMAIL = filter_input(INPUT_POST, 'EMAIL', 'FILTER_VALIDATE_EMAIL'); $customer->TITLE

PHP Error- filter_input() expects parameter 3 to be integer, string given [duplicate]

阅读更多关于 PHP Error- filter_input() expects parameter 3 to be integer, string given [duplicate]

PHP filter_input(INPUT_SERVER, 'REQUEST_METHOD') returns null?

阅读更多关于 PHP filter_input(INPUT_SERVER, 'REQUEST_METHOD') returns null?

问题 Why does this line return null in my live server? filter_input(INPUT_SERVER, 'REQUEST_METHOD'); The live server is php5.5.9 Have I missed something? I thought it is used to replace the global method below? $_SERVER['REQUEST_METHOD']; some of the code, public function __construct() { // Construct other generic data. $this->clientRequestMethod = filter_input(INPUT_GET, 'method'); // such as list, add, update, etc $this->clientPostMethod = filter_input(INPUT_POST, 'method'); // such as update

PHP's new input_filter does not read $_GET or $_POST arrays

阅读更多关于 PHP's new input_filter does not read $_GET or $_POST arrays

问题 In PHP 5.2 there was a nice security function added called "input_filter", so instead of saying: $name = $_GET['name']; you can now say: $name = filter_input (INPUT_GET, 'name', FILTER_SANITIZE_STRING); and it automatically sanitizes your string, there is also: FILTER_SANITIZE_ENCODED FILTER_SANITIZE_NUMBER_INT FILTER_SANITIZE_EMAIL FILTER_SANITIZE_URL etc. so this is a very convenient security feature to use and I want to switch over to it completely. The problem is... I often manipulate the

PHP's filter_input() strips $_SERVER data on external host, but works on localhost

阅读更多关于 PHP's filter_input() strips $_SERVER data on external host, but works on localhost

问题 I am running an apache2 server where I do my localhost testing (PHP 5.5), but my hosting provider has PHP 5.3. I don't know whether that is an issue, but I mention it just in case. My problem is this: I am seeking to note a couple of $_SERVER variables, but the filter_input() function returns false for some reason, but only on my host server. It works fine on localhost. Echoing verifies the expected output: echo $_SERVER['HTTP_USER_AGENT']; echo $_SERVER['REMOTE_ADDR']; Returns as expected:

Difference between filter_input and direct acces on $_POST after objective ajax request

阅读更多关于 Difference between filter_input and direct acces on $_POST after objective ajax request

问题 I have different results by using filter_input(INPUT_POST, 'attribute') and $_POST['attribute'] and don't know why this happens. The Post-Request is send by a JavaScript build with JQuery and looks like that: // type javaScript var formData = { field_a: "valueA", field_b: "", field_c: undefined }; $.ajax({ url: 'serverAddress', data: {action: 99, formData: formData}, dataType: 'json', method: 'post', success: function(){ console.log(arguments) } }); My PHP-Script looks like that: // type php

How to add an option and a flag to filter_input

阅读更多关于 How to add an option and a flag to filter_input

问题 How do you add both an option and a flag to filter_input? The PHP documentation says to use an associative array but doesn't give any examples on the correct syntax. I've tried various formats, including the following: $textOpts = filter_input(INPUT_POST, "text", FILTER_SANITIZE_STRING, array("options" => FILTER_FORCE_ARRAY, "flags" => !FILTER_FLAG_ENCODE_LOW)); $textOpts = filter_input(INPUT_POST, "text", FILTER_SANITIZE_STRING, array("options" => array(FILTER_FORCE_ARRAY), "flags" => array(

filter_input and mysqli_real_escape_string for integers

阅读更多关于 filter_input and mysqli_real_escape_string for integers

问题 I'm developing a simple PHP database application for internal use but would like to code it to best practices. Some of my pages are receiving integer values from GET requests and I'm just wondering how much validation and sanitation is really required. Currently I'm using $num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, $num_options); with specified min and max values. From here I'm exiting with an error message if $num == false Is it necessary to also use $mysqli->real_escape

filter_input and mysqli_real_escape_string for integers

阅读更多关于 filter_input and mysqli_real_escape_string for integers

I'm developing a simple PHP database application for internal use but would like to code it to best practices. Some of my pages are receiving integer values from GET requests and I'm just wondering how much validation and sanitation is really required. Currently I'm using $num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, $num_options); with specified min and max values. From here I'm exiting with an error message if $num == false Is it necessary to also use $mysqli->real_escape_string($num); Currently I am not bothering because I think it's quite hard to do SQL injection using an

Pass a value into filter_input() using variable

阅读更多关于 Pass a value into filter_input() using variable

问题 Can anyone please explain, why do I get very strange warning: filter_input() expects parameter 1 to be long, string given when executing the code, that is part of my class and which seems perfectly fine: public static function Input($type, $data, $filter = 'FILTER_SANITIZE_SPECIAL_CHARS') { $type = 'INPUT_' . $type; return filter_input($type, $data, $filter); } In case I change it to, for example: return filter_input(INPUT_POST, $data, $filter); Then the warning goes to: filter_input()