Warning Do not Access Superglobal POST Array Directly on Netbeans 7 4 for PHP

Question

I ve got this message warning on Netbeans 7 4 for PHP while I m using   POST    GET    SERVER           Do not Access Superglobal   POST Array Directly   What does it mean  What can I do to correct this warning   Edit  The Event sample code still shows this warning

User · Answer

Here is part of a line in my code that brought the warning up in NetBeans:

$page = (!empty($_GET['p']))

After much research and seeing how there are about a bazillion ways to filter this array, I found one that was simple. And my code works and NetBeans is happy:

$p = filter_input(INPUT_GET, 'p');
$page = (!empty($p))

User · Answer

Although a bit late  I ve come across this question while searching the solution for the same problem  so I hope it can be of any help     Found myself in the same darkness than you  Just found this article  which explains some new hints introduced in NetBeans 7 4  including this one   https   blogs oracle com netbeansphp entry improve your code with new  The reason why it has been added is because superglobals usually are filled with user input  which shouldn t ever be blindly trusted  Instead  some kind of filtering should be done  and that s what the hint suggests  Filter the superglobal value in case it has some poisoned content   For instance  where I had     SERVER  SERVER NAME     I ve put instead   filter input INPUT SERVER   SERVER NAME   FILTER SANITIZE STRING    You have the filter input and filters doc here   http   www php net manual en function filter-input php  http   www php net manual en filter filters php

User · Answer

I agree with the other answerers that in most cases  almost always  it is necessary to sanitize Your input   But consider such code  it is for a REST controller     method     SERVER  REQUEST METHOD     switch   method                case  GET                   return  this- gt doGet  request   object               case  POST                   return  this- gt doPost  request   object               case  PUT                   return  this- gt doPut  request   object               case  DELETE                   return  this- gt doDelete  request   object               default                  return  this- gt onBadRequest        It would not be very useful to apply sanitizing here  although it would not break anything  either    So  follow recommendations  but not blindly - rather understand why they are for

User · Answer

filter input INPUT POST   var name   instead of   POST  var name   filter input array INPUT POST  instead of   POST

User · Answer

Just use filter input INPUT METHOD NAME   var name   instead of   INPUT METHOD NAME  var name   filter input array INPUT METHOD NAME  instead of   INPUT METHOD NAME e g      host  filter input INPUT SERVER   HTTP HOST        echo  host   instead of      host    SERVER  HTTP HOST        echo  host   And use     var dump filter input array INPUT SERVER     instead of     var dump   SERVER    N B  Apply to all other Super Global variable

[php] Warning "Do not Access Superglobal $_POST Array Directly" on Netbeans 7.4 for PHP

Examples related to php

Examples related to netbeans

Examples related to superglobals

Examples related to netbeans-7.4