Do not access superglobal $_GET array directly

2019-06-28 02:30发布

I'm new to PHP, so forgive me if this is a stupid question but why should I not access items in the superglobal arrays directly? NetBeans warns me not to (see title), and I've read the same elsewhere -- however I haven't come across a good explanation yet.

What can go wrong? Is it a security concern, like SQL injection? Or something else?

There are several similar questions on StackOverflow, but none of the answers actually explain what the problem is: they just suggest to use filter_input(). This doesn't satisfy me, since I like knowing how things work. Any explanation will be appreciated.

1条回答
聊天终结者
2楼-- · 2019-06-28 02:56

Well, in normal cases there's no harm of using the super global variables directly,

but to stay on the safe side and to avoid long list of possible attacks you should filter the data coming from the user throw those vars before using them in your application

查看更多
登录 后发表回答