Should I use @ to suppress errors? For example, if I am taking a value from a user form using strip_tags($_POST['userdata']), should I add an @ before the $?
Or is using an if(isset($_POST['userdata'])) a better way to handle this?
SOLUTION:
Use filter_input(INPUT_POST, 'userdata', FILTER_SANITIZE_STRING) instead.
filter_input() does not need an isset() around it. If the POST data do not exist, it returns NULL.
There are additional filter options that do that. See http://php.net/manual/en/filter.filters.sanitize.php
Should I then use…?
if ( isset($_POST['userdata']) ){
    $something = filter_input(INPUT_POST, 'userdata', FILTER_SANITIZE_STRING);
}
Also I wrote a function to sanitize the user input, namely:
function filter_data($data){
    $data = trim($data);
    $data = stripcslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
Is this function not necessary given filter_input?
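The pattern discussed in this thread, as an added example that is not part of the original posts: read a field without isset() or @, tell "absent" (NULL) apart from "rejected" (false), and escape only when the value is written into HTML. FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so the sketch uses FILTER_UNSAFE_RAW; read_field(), html() and $constructedPost are hypothetical names, and the array stands in for $_POST so the script runs from the command line.

```php
<?php
// Added example. $constructedPost stands in for $_POST so the script runs from the CLI;
// in a request handler the lookup would be
// filter_input(INPUT_POST, 'userdata', FILTER_UNSAFE_RAW).

// Hypothetical helper mirroring filter_input(): null = field absent, false = rejected.
function read_field(array $source, string $key, int $maxLen = 200)
{
    if (!array_key_exists($key, $source)) {
        return null;                       // absent: caller needs no isset() or @
    }
    $raw = filter_var($source[$key], FILTER_UNSAFE_RAW);
    if (!is_string($raw)) {
        return false;                      // e.g. userdata[]=x arrives as an array
    }
    $value = trim($raw);
    return strlen($value) <= $maxLen ? $value : false;
}

// Escape at the point of output, for the HTML context, not at input time.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$constructedPost = [                       // constructed sample input
    'userdata' => "  <b>O'Reilly</b> & co  ",
    'tags'     => ['a', 'b'],
];

foreach (['userdata', 'tags', 'missing'] as $key) {
    $value = read_field($constructedPost, $key);
    if ($value === null) {
        echo "$key: not submitted\n";
    } elseif ($value === false) {
        echo "$key: rejected\n";
    } else {
        echo "$key: stored as [$value], rendered as [" . html($value) . "]\n";
    }
}
```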