bumperbox bumperbox - 5 months ago 43
PHP Question

filter_input with invalid filter

I just came across this snippet in our code base

$token = filter_input(INPUT_GET, 'token', FILTER_VALIDATE_STRING);
if ($token === false || $token === null) {
die('invalid token');
}


FILTER_VALIDATE_STRING is not a valid filter type,
does that mean it would just revert to FILTER_DEFAULT, as an unrecognized filter has been passed in?

Answer

All GET and POST vars are strings, and as you have noted FILTER_VALIDATE_STRING is not a defined constant. If you enable error reporting you will see:

Notice: Use of undefined constant FILTER_VALIDATE_STRING - assumed 'FILTER_VALIDATE_STRING'

Warning: filter_input() expects parameter 3 to be long, string given

So filter_input() will return NULL just like any other function that is not passed required arguments.

This is assuming that whoever wrote this did not also define FILTER_VALIDATE_STRING.

Comments