Warning "Do not Access Superglobal $_POST Array Directly" on Netbeans 7.4 for PHP

PhpNetbeansSuperglobalsNetbeans 7.4

Php Problem Overview

I've got this message warning on Netbeans 7.4 for PHP while I'm using $_POST, $_GET, $_SERVER, ....

> Do not Access Superglobal $_POST Array Directly

What does it mean? What can I do to correct this warning?

Edit: The Event sample code still shows this warning.

Php Solutions

Solution 1 - Php

filter_input(INPUT_POST, 'var_name') instead of $_POST['var_name']
filter_input_array(INPUT_POST) instead of $_POST

Solution 2 - Php

Although a bit late, I've come across this question while searching the solution for the same problem, so I hope it can be of any help...

Found myself in the same darkness than you. Just found this article, which explains some new hints introduced in NetBeans 7.4, including this one:

https://blogs.oracle.com/netbeansphp/entry/improve_your_code_with_new

The reason why it has been added is because superglobals usually are filled with user input, which shouldn't ever be blindly trusted. Instead, some kind of filtering should be done, and that's what the hint suggests. Filter the superglobal value in case it has some poisoned content.

For instance, where I had:

$_SERVER['SERVER_NAME']

I've put instead:

filter_input(INPUT_SERVER, 'SERVER_NAME', FILTER_SANITIZE_STRING)

You have the filter_input and filters doc here:

http://www.php.net/manual/en/function.filter-input.php

http://www.php.net/manual/en/filter.filters.php

Solution 3 - Php

I agree with the other answerers that in most cases (almost always) it is necessary to sanitize Your input.

But consider such code (it is for a REST controller):

$method = $_SERVER['REQUEST_METHOD'];

switch ($method) {
            case 'GET':
                return $this->doGet($request, $object);
            case 'POST':
                return $this->doPost($request, $object);
            case 'PUT':
                return $this->doPut($request, $object);
            case 'DELETE':
                return $this->doDelete($request, $object);
            default:
                return $this->onBadRequest();
}

It would not be very useful to apply sanitizing here (although it would not break anything, either).

So, follow recommendations, but not blindly - rather understand why they are for :)

Solution 4 - Php

Just use

filter_input(INPUT_METHOD_NAME, 'var_name') instead of $_INPUT_METHOD_NAME['var_name'] filter_input_array(INPUT_METHOD_NAME) instead of $_INPUT_METHOD_NAME

e.g

    $host= filter_input(INPUT_SERVER, 'HTTP_HOST');
    echo $host;

instead of

    $host= $_SERVER['HTTP_HOST'];
    echo $host;

And use

    var_dump(filter_input_array(INPUT_SERVER));

instead of

    var_dump($_SERVER);

N.B: Apply to all other Super Global variable

Solution 5 - Php

Here is part of a line in my code that brought the warning up in NetBeans:

$page = (!empty($_GET['p']))

After much research and seeing how there are about a bazillion ways to filter this array, I found one that was simple. And my code works and NetBeans is happy:

$p = filter_input(INPUT_GET, 'p');
$page = (!empty($p))
Categories
Recommended Php Solutions
Recommended Netbeans Solutions

Previous Solution:

How to set Java SDK path in AndroidStudio?

Android StudioIntellij Idea

Next Solution:

How to change the name of a gist in github?

GithubGist

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionKannikaView Question on Stackoverflow
Solution 1 - PhpHomerockerView Answer on Stackoverflow
Solution 2 - PhpRicardo Palomares MartínezView Answer on Stackoverflow
Solution 3 - PhpRauni LillemetsView Answer on Stackoverflow
Solution 4 - PhpSani KamalView Answer on Stackoverflow
Solution 5 - PhpJim TippinsView Answer on Stackoverflow