PHP 8.4.2 Released!

filter_has_var »

过滤器函数

目录

filter_has_var — 检测是否存在指定类型的变量
filter_id — 返回与某个特定名称的过滤器相关联的id
filter_input — 通过名称获取特定的外部变量，并且可以通过过滤器处理它
filter_input_array — 获取一系列外部变量，并且可以通过过滤器处理它们
filter_list — 返回所支持的过滤器列表
filter_var — 使用特定的过滤器过滤一个变量
filter_var_array — 获取多个变量并且过滤它们

发现了问题？

了解如何改进此页面 • 提交拉取请求 • 报告一个错误

＋添加备注

用户贡献的备注 2 notes

up

down

4

vojtech at x dot cz ¶

18 years ago

Also notice that filter functions are using only the original variable values passed to the script even if you change the value in super global variable ($_GET, $_POST, ...) later in the script.

<?php
echo filter_input(INPUT_GET, 'var'); // print 'something'
echo $_GET['var']; // print 'something'
$_GET['var'] = 'changed';
echo filter_input(INPUT_GET, 'var'); // print 'something'
echo $_GET['var']; // print 'changed'
?>

In fact, external data are duplicated in SAPI before the script is processed and filter functions don't use super globals anymore (as explained in Filter tutorial bellow, section 'How does it work?').

up

down

0

fumble1 at web dot de ¶

17 years ago

I recommend you to use the FILTER_REQUIRE_SCALAR (or FILTER_REQUIRE_ARRAY) flags, since you can use array-brackets both to access string offsets and array-element -- however, not only this can lead to unexpected behaviour. Look at this example:

<?php
$image = basename(filter_input(INPUT_GET, 'src', FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW));
// further checks
?>

/script.php?src[0]=foobar will cause a warning. :-(
Hence my recommendation:

<?php
$image = basename(filter_input(INPUT_GET, 'src', FILTER_UNSAFE_RAW, FILTER_REQUIRE_SCALAR | FILTER_FLAG_STRIP_LOW));
// further checks
?>

＋添加备注