PHP Classes

Don't access POST or GET directly

Subject: Don't access POST or GET directly
Summary: Don't access POST or GET directly
Messages: 3
Author: jorge correia
Date: 2016-12-21 15:44:41
 

  1. Don't access POST or GET directly
jorge correia - 2016-12-21 15:44:41
Hi,
In your examples, for security reasons you should not access the superglobals $_GET or $_POST directly.

As an example in the login process where you have this:

$email = IsSet($_POST['username']) ? $_POST['username'] : '';
$password = IsSet($_POST['password']) ? $_POST['password'] : '';

It should be:

$email = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_EMAIL);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);


Thanks,
Jorge Correia
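
Added example (not part of the original post or of the package's code): one way to apply the advice above with PHP's filter extension, validating the e-mail and handing the password unchanged to password_verify(). The helper names, the $users map and the sample requests are assumptions constructed for illustration; filter_var_array() is used on a plain array so the block runs from the command line.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (added example): validate the login fields up front.
// In a web handler, filter_input_array(INPUT_POST, $spec) takes the same $spec.
function read_login_input(array $post): ?array
{
    $fields = filter_var_array($post, [
        // Validate (reject bad input) instead of sanitising (silently rewriting it).
        'username' => FILTER_VALIDATE_EMAIL,
        // Keep the password byte-for-byte. FILTER_SANITIZE_STRING strips tags and
        // encodes quotes, so it would change a password like the sample below,
        // and it is deprecated as of PHP 8.1.
        'password' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_REQUIRE_SCALAR],
    ]);
    $email = $fields['username'] ?? null;
    $password = $fields['password'] ?? null;
    if (!is_string($email) || !is_string($password) || $password === '') {
        return null; // missing, malformed or non-scalar field
    }
    return ['email' => $email, 'password' => $password];
}

// Hypothetical login check against a constructed in-memory user map.
function check_login(array $post, array $users): bool
{
    $input = read_login_input($post);
    if ($input === null || !isset($users[$input['email']])) {
        return false;
    }
    return password_verify($input['password'], $users[$input['email']]);
}

// Constructed sample data, not taken from the package.
$users = ['user@example.com' => password_hash('p<ss"w0rd&1', PASSWORD_DEFAULT)];
$requests = [
    'valid login'      => ['username' => 'user@example.com', 'password' => 'p<ss"w0rd&1'],
    'malformed e-mail' => ['username' => 'user@@example', 'password' => 'p<ss"w0rd&1'],
    'array password'   => ['username' => 'user@example.com', 'password' => ['x']],
    'missing password' => ['username' => 'user@example.com'],
];
foreach ($requests as $label => $post) {
    printf("%-17s %s\n", $label, check_login($post, $users) ? 'accepted' : 'rejected');
}
```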

  2. Re: Don't access POST or GET directly
Ashraf Gheith - 2016-12-21 15:48:30 - In reply to message 1 from jorge correia
Thank you,
I missed that one out :)

  3. Re: Don't access POST or GET directly
jorge correia - 2016-12-21 16:00:44 - In reply to message 2 from Ashraf Gheith
welcome :)