filter-input

PHP's new input_filter does not read $_GET or $_POST arrays

In PHP 5.2 there was a nice security function added called "input_filter", so instead of saying: $name = $_GET['name']; you can now say: $name = filter_input (INPUT_GET, 'name', FILTER_SANITIZE_STRING); and it automatically sanitizes your string, there is also: FILTER_SANITIZE_ENCODED FILTER_SANITIZE_NUMBER_INT FILTER_SANITIZE_EM...

PHP FILTER_SANITIZE_URL swedish domain name

I am experimenting with filter_input and filter_var and I am currently trying to sanitize URLs with FILTER_SANITIZE_URL. The test program gets input from a GET variable which consists of a URL, (ex. foo.com/bar.php?a=http://www.domain.se). It works fine as long as I don't use swedish domain names. Ex: (foo.com/bar.php?a=http://www.äta.se...