Warning Do not Access Superglobal POST Array Directly on Netbeans 7 4 for PHP

Question

I ve got this message warning on Netbeans 7 4 for PHP while I m using   POST    GET    SERVER           Do not Access Superglobal   POST Array Directly   What does it mean  What can I do to correct this warning   Edit  The Event sample code still shows this warning

User · Answer

I agree with the other answerers that in most cases (almost always) it is necessary to sanitize Your input.

But consider such code (it is for a REST controller):

$method = $_SERVER['REQUEST_METHOD'];

switch ($method) {
            case 'GET':
                return $this->doGet($request, $object);
            case 'POST':
                return $this->doPost($request, $object);
            case 'PUT':
                return $this->doPut($request, $object);
            case 'DELETE':
                return $this->doDelete($request, $object);
            default:
                return $this->onBadRequest();
}

It would not be very useful to apply sanitizing here (although it would not break anything, either).

So, follow recommendations, but not blindly - rather understand why they are for :)

User · Answer

Just use filter input INPUT METHOD NAME   var name   instead of   INPUT METHOD NAME  var name   filter input array INPUT METHOD NAME  instead of   INPUT METHOD NAME e g      host  filter input INPUT SERVER   HTTP HOST        echo  host   instead of      host    SERVER  HTTP HOST        echo  host   And use     var dump filter input array INPUT SERVER     instead of     var dump   SERVER    N B  Apply to all other Super Global variable

User · Answer

Although a bit late  I ve come across this question while searching the solution for the same problem  so I hope it can be of any help     Found myself in the same darkness than you  Just found this article  which explains some new hints introduced in NetBeans 7 4  including this one   https   blogs oracle com netbeansphp entry improve your code with new  The reason why it has been added is because superglobals usually are filled with user input  which shouldn t ever be blindly trusted  Instead  some kind of filtering should be done  and that s what the hint suggests  Filter the superglobal value in case it has some poisoned content   For instance  where I had     SERVER  SERVER NAME     I ve put instead   filter input INPUT SERVER   SERVER NAME   FILTER SANITIZE STRING    You have the filter input and filters doc here   http   www php net manual en function filter-input php  http   www php net manual en filter filters php

User · Answer

Here is part of a line in my code that brought the warning up in NetBeans    page     empty   GET  p        After much research and seeing how there are about a bazillion ways to filter this array  I found one that was simple  And my code works and NetBeans is happy    p   filter input INPUT GET   p     page     empty  p

User · Answer

filter input INPUT POST   var name   instead of   POST  var name   filter input array INPUT POST  instead of   POST

[php] Warning "Do not Access Superglobal $_POST Array Directly" on Netbeans 7.4 for PHP

Examples related to php

Examples related to netbeans

Examples related to superglobals

Examples related to netbeans-7.4