Using isset and filter_input the correct way in PHP

php isset superglobals
iSee picture iSee · May 19, 2014 · Viewed 7.8k times · Source

I am developing a basic API for some simple functionality. I am capturing inputs like below:

if ($action == 'delete' && isset($_POST['targetId']) && isset($_POST['userId'])) {
//The isset causes "Do not access Superglobal _POST array directly" warning in Netbeans
        $userId = filter_input(INPUT_POST, 'userId');
        $beamId = filter_input(INPUT_POST, 'targetId');
}

Should I use filter_input even for checking whether the value is set? Like:

if ($action == 'delete' && filter_input(INPUT_POST, 'targetId') && filter_input(INPUT_POST, 'userId')) {

}

I am not looking at options here rather I would be happy with the most correct solution which is secure and hack resistant.

EDIT: Yes, the above information will be used as inputs for SQL

Answer

NEOline picture NEOline · Jun 15, 2016

Another solution could be use filter_has_var().

if (filter_has_var(INPUT_POST, "userId")) {
    //occurs when $_POST['userId'] is set, even when empty
}

More info in: Official documentation

Related questions

If isset $_POST

I have a form on one page that submits to another page. There, it checks if the input mail is filled. If so then do something and if it is not filled, do something else. I don't understand why it …

Read More
Calling a particular PHP function on form submit

I was trying to call a particular php function in submit of a form both the form and php scripts are in same page. My code is below.(it is not working and so I need help) <html> &…

Read More
isset PHP isset($_GET['something']) ? $_GET['something'] : ''

I am looking to expand on my PHP knowledge, and I came across something I am not sure what it is or how to even search for it. I am looking at php.net isset code, and I see isset($_…

Read More