PHP filter_input() and filter_has_var() weirdness (bug?)

  • Carl
  • Beginner
  • Beginner
  • User avatar
  • Posts: 50

Post 3+ Months Ago

Hello all,

While messing around with a log in system for my website, I came across a very strange problem with the filter_input() function in PHP. When first submitting a form, it doesn't acknowledge that a particular value is set in $_POST. In other words, filter_input() returns NULL. Naturally, this causes log ins to fail or any other form processing to fail. When refreshing the log in page, submitting the form results in the correct values showing up and filter_input() finding the set variable in $_POST.

At first I thought I may have been using the function wrong (you never know) but I tried the same code using filter_var() and it works as expected.

The function calls are as follows:

Code: [ Select ]
filter_input(INPUT_POST, 'someVar', FILTER_SANITIZE_STRING);


When the form is submitted for the first time, this results in it returning NULL. However, if you execute the following

Code: [ Select ]
filter_var($_POST['someVar'], FILTER_SANITIZE_STRING);


it works as expected (in the actual code I have some other checks in place to make sure that $_POST['someVar'] exists). I've tried creating a simple form that submits a few fields to verify that there isn't in fact a problem with my log in system and it behaves exactly as I described above. So the problem seems to be with PHP itself and not my code.

To test this further, I tried manually checking to see if the specified POST variable was set using

Code: [ Select ]
isset($_POST['someVar'])


and

Code: [ Select ]
filter_has_var(INPUT_POST, 'someVar');


The former worked perfectly and the latter behaved exactly like filter_input(). In other words, the latter said that the variable was not set, whereas the former succeeds.

Now, maybe I'm missing a vital piece of information after looking at this for several hours while trying to fix my code, but it seems to me that this isn't how things should be behaving. One would expect the two to produce the same results, correct? Or am I wrong about that?

More importantly, has anyone else noticed this kind of behavior? I'm using PHP 5.2.10 with Apache 2.2.11 in Windows 7 RC1. However, I've also found the same problem on my remote Linux LiteSpeed server that's running PHP 5.2.9. The browser doesn't seem to make a difference.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Carl
  • Beginner
  • Beginner
  • User avatar
  • Posts: 50

Post 3+ Months Ago

As a quick addendum, this doesn't appear to affect INPUT_GET when using filter_input(), as the code in my project that relies on it has never given me trouble. It only seems to affect INPUT_POST.

Post Information

  • Total Posts in this topic: 2 posts
  • Users browsing this forum: No registered users and 81 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.