{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 萌系小妹纸 的问题《Security concern when accessing php superglobal di》','https://www.manongdao.com/q-822970.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I just upgraded my IDE (Netbean) to 1.7.4 beta, to test it out... and it seems that now it si giving me a warning whenever I access my superglobal variable. It says
Do not access supergolobal $_POST Array Directly
I am currently just using this
$taxAmount = intval(ceil($_POST['price']*($TAX-1)));
How much of a security concern is this really?
Is this the proper way to do it, and does it make a difference?
$price = $_POST['price'];
$taxAmount = intval(ceil($price*($TAX-1)));
No, you can use you first method and not fill the memory with duplicate data. The only concern here is to validate it before using, and if you copy it to another variable, you need to do same on it also.
I don't see any difference!
Especially if you do not want to use it in a sql_query.
The only thing that makes me thinking, is that its not much common to write in superglobals directly, so some poor programmers may leave it with unvalidated data.
One last thing, Be sure to check your "$_POST" existence with 'empty' or 'isset' functions.
example:
Possible duplicate