admin管理员组文章数量:1312740
I am trying to insert some php code to my WordPress website but it gives security warnings perhaps due to directly accessing $_POST variable.
Instead of $name = $_POST['name'];, I can use $name = filter_input(INPUT_POST, 'name'); however I am not able to figure out what alternative piece of code I should use instead of if(isset($_POST) && !empty($_POST)) { //some code }?
Thanks for your help in advance.
I am trying to insert some php code to my WordPress website but it gives security warnings perhaps due to directly accessing $_POST variable.
Instead of $name = $_POST['name'];, I can use $name = filter_input(INPUT_POST, 'name'); however I am not able to figure out what alternative piece of code I should use instead of if(isset($_POST) && !empty($_POST)) { //some code }?
Thanks for your help in advance.
Share Improve this question asked Dec 18, 2020 at 15:20 Asmat AliAsmat Ali 1392 silver badges10 bronze badges 1- 1 What security warnings and where? Please add that detail to your question. If you are linting your PHP with a tool like PHPCS you will likely see a "super global" warning, for example. – jdm2112 Commented Dec 18, 2020 at 16:05
2 Answers
Reset to default 1filter_input is the proper way to go. If it doesn't return anything valid, it will return null:
$myvar = filter_input( INPUT_POST, 'something', FILTER_SANITIZE_STRING );
if ( empty( $myvar ) ) {
// Do whatever you would have done for ! isset( $_POST['something'] )
}
// Use $myvar
filter_input won't throw any notices if the requested index isn't found, so it's like having isset built-in to the function.
Edit: just be sure to use a FILTER_ to sanitize or validate, and note there are some gotchas that are documented in PHP's documentation about these. For most general use-cases they should work fine, but always validate your user input appropriately once you have it (the same as you would when getting it directly from $_POST).
Though the error was not caused by accessing $_POST variable directly, but I was able to write the alternative to if(isset($_POST)).
Firstly, you need to give a name to the submit button in your form. Your form should look like,
<form action = "" method = "post">
Some fields.
<input type = "submit" name = "submit_button" />
</form>
And then on the php side,
$submit = filter_input(INPUT_POST, 'submit_button');
if (isset($submit)){
//some code.
}
Hope this helps someone.
本文标签: phpWhat is the alternative code to if (isset (POST) ampamp empty (POST) to avoid warnings
版权声明:本文标题:php - What is the alternative code to if (isset ($_POST) && !empty ($_POST) to avoid warnings? 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741906314a2404166.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论