This should be an elementary question, but why is it better to use something like this:
$pwd = filter_input(INPUT_POST, 'pwd');
Instead of just:
$pwd = $_POST['pwd'];
PS: I understand that the filter extension can be used with more arguments to provide an additional level of sanitization.
It's not. $_GET, $_POST, $_COOKIE and $_REQUEST are filtered with the default filter. filter_input(INPUT_POST, 'pwd') without additional parameters also uses the default filter. So there is no difference at all.
Any data which is sent from the client (such as POST data) should be sanitized and escaped (and even better, sanity-checked) to ensure that it isn't going to kill your website.
SQL Injection and Cross-site scripting are the two largest threats for failing to sanitize your user-sent data.
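As an added illustration of the point above (example code, not from the question or any answer): constructed POST-like values are validated with the filter extension and then escaped for each output context separately. It uses filter_var() on a constructed array so it runs from the command line; in a real request, filter_input(INPUT_POST, 'comment', ...) applies the same filter to the actual $_POST data. The in-memory SQLite database is an assumption made so the snippet runs offline.

```php
<?php
// Added example, not code from the question or answers. The input array is
// constructed; in a live request use filter_input(INPUT_POST, ...) instead.
$constructedPost = [
    'user_id' => '42abc',                          // not a well-formed integer
    'comment' => '<script>alert(1)</script> hello', // HTML in user text
];

// 1. Validate: FILTER_VALIDATE_INT returns false for anything that is not a
//    well-formed integer, so malformed ids are rejected rather than repaired.
$userId = filter_var($constructedPost['user_id'], FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);

// 2. Escape for HTML output: input filtering does not replace output escaping,
//    which is what actually prevents cross-site scripting in the rendered page.
$commentHtml = htmlspecialchars(
    $constructedPost['comment'],
    ENT_QUOTES | ENT_HTML5,
    'UTF-8'
);

// 3. Keep user data out of the SQL text entirely with a prepared statement.
//    An in-memory SQLite database (assumed here) lets this run offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (user_id INTEGER, body TEXT)');

if ($userId !== false) {
    $stmt = $pdo->prepare('INSERT INTO comments (user_id, body) VALUES (:uid, :body)');
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':body', $constructedPost['comment'], PDO::PARAM_STR); // stored raw
    $stmt->execute();
} else {
    echo "user_id rejected, nothing stored\n";
}

echo $commentHtml, "\n"; // safe to place in an HTML body
```

The three steps are independent: validation decides whether the request is acted on at all, htmlspecialchars() is applied at the moment the value is written into HTML, and the prepared statement keeps the database from ever interpreting user text as SQL. None of them is a substitute for the others.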
It is not better.
Please see the docs on filter_input
http://www.php.net//manual/en/function.filter-input.php
and click the "Types of Filters" link.
http://www.php.net/manual/en/filter.filters.php
I have only ever used the integer filter ...
$user_id = filter_input(INPUT_POST, 'user_id', FILTER_SANITIZE_NUMBER_INT);
$user = abs($user_id); // To get rid of any +/-
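As an added comparison of the two integer filters mentioned in this thread (example code, not from the question or any answer): FILTER_SANITIZE_NUMBER_INT rewrites the input by stripping everything except digits, '+' and '-', while FILTER_VALIDATE_INT with a min_range option returns false for anything that is not a well-formed positive integer. The input values are constructed, and filter_var() stands in for filter_input(INPUT_POST, 'user_id', ...), which applies the same filter to the live request.

```php
<?php
// Added example, not code from the question or answers. Constructed inputs
// are run through both integer filters so the difference is visible.

/**
 * Return a positive user id, or null when the raw value is not one.
 * FILTER_VALIDATE_INT trims surrounding whitespace, rejects non-integer
 * text and out-of-range values, and min_range rejects 0 and negatives.
 */
function readUserId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $id === false ? null : $id;
}

// Constructed sample values covering the common edge cases.
$constructedInputs = [
    '42',                        // clean
    '-42',                       // negative
    '12abc',                     // digits followed by junk
    '1e3',                       // scientific notation
    ' 7 ',                       // surrounding whitespace
    '',                          // empty
    '99999999999999999999999',   // larger than PHP_INT_MAX
];

foreach ($constructedInputs as $raw) {
    // Sanitizing keeps only [0-9+-]; a value such as '12abc' becomes '12',
    // so the application never learns that the input was malformed.
    $sanitized = filter_var($raw, FILTER_SANITIZE_NUMBER_INT);
    // Validating answers yes or no: null means "do not use this value".
    $validated = readUserId($raw);

    printf(
        "%-28s sanitize=%-28s validate=%s\n",
        var_export($raw, true),
        var_export($sanitized, true),
        var_export($validated, true)
    );
}
```

For a lookup key such as a user id, the validating filter is usually the better fit: a rejected request is easy to log and investigate, whereas a silently rewritten one can point the query at a record the client never asked for.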