[SOLVED] Should I use @ to suppress error in PHP

Should I use @ to suppress error? For example, if I am taking a value from a user form using strip_tags($_POST['userdata']), should I add an @ before $?

Or is using an if(isset($_POST['userdata'])) a better way to handle this?

SOLUTION:

Use filter_input(INPUT_POST, 'userdata', FILTER_SANITIZE_STRING) instead.
filter_input() does not need an isset() around it. If the POST data do not exist, it returns NULL.
There are additional filter options that do that. See http://php.net/manual/en/filter.filters.sanitize.php

I’d do this. That way you can throw it back until there is data from the user (or check for any invalid data + send it back).

Never!

Use filter_input(INPUT_POST, 'userdata', FILTER_SANITIZE_STRING) instead.

Hi thanks for the speedy reply.

Should I then use…?
if (isset($_POST['userdata'])) {
    $something = filter_input(INPUT_POST, 'userdata', FILTER_SANITIZE_STRING);
}

Also I wrote a function to sanitize the user input, namely:
function filter_data($data) {
    $data = trim($data);
    $data = stripcslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

Is this function not necessary given filter_input?

filter_input() does not need an isset() around it. If the POST data do not exist, it returns NULL.

There are additional filter options that do that. See http://php.net/manual/en/filter.filters.sanitize.php

Thanks!

Thanks Ryan!

One last question: should I use FILTER_SANITIZE_FULL_SPECIAL_CHARS instead of FILTER_SANITIZE_STRING to avoid injection attack?

FILTER_SANITIZE_STRING was just an example. You can use any filter you see fit.
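
An added example, not code from any poster in this thread, showing the three cases discussed above (field missing, field invalid, field usable) handled without @ and with escaping done at output time. Assumptions: read_field() is a hypothetical helper, the sample arrays are constructed stand-ins for $_POST, and filter_var() is used in place of filter_input() because filter_input() only reads real request data. FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so the raw text is kept and htmlspecialchars() is applied when printing.

```php
<?php
/**
 * Hypothetical helper: read one text field from a request array.
 * Returns null when the field is absent (the same signal filter_input()
 * gives for a missing key), false when it is present but unusable,
 * otherwise the trimmed string.
 */
function read_field(array $request, string $name, int $maxLen = 200)
{
    if (!array_key_exists($name, $request)) {
        return null;
    }
    // FILTER_UNSAFE_RAW leaves text unchanged. Without FILTER_REQUIRE_ARRAY,
    // filter_var() returns false for array input such as userdata[]=x.
    $value = filter_var($request[$name], FILTER_UNSAFE_RAW);
    if (!is_string($value)) {
        return false;
    }
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLen) {
        return false;
    }
    return $value;
}

// Constructed sample requests standing in for $_POST.
$samples = [
    'missing field'           => [],
    'array instead of string' => ['userdata' => ['x']],
    'markup in value'         => ['userdata' => ' <b>hi</b> & "bye" '],
];

foreach ($samples as $label => $post) {
    $data = read_field($post, 'userdata');
    if ($data === null) {
        echo "$label: nothing submitted, show the empty form\n";
    } elseif ($data === false) {
        echo "$label: invalid input, send the form back with an error\n";
    } else {
        // Escape for the HTML context at the point of output, not at input.
        echo "$label: ", htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
    }
}
```

Comparing with === matters here: null, false and an empty string are all falsy, so a plain if (!$data) would merge the "not submitted" and "invalid" cases.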
