问题
I just upgraded my IDE (Netbean) to 1.7.4 beta, to test it out... and it seems that now it si giving me a warning whenever I access my superglobal variable. It says
Do not access supergolobal $_POST Array Directly
I am currently just using this
$taxAmount = intval(ceil($_POST['price']*($TAX-1)));
How much of a security concern is this really?
Is this the proper way to do it, and does it make a difference?
$price = $_POST['price'];
$taxAmount = intval(ceil($price*($TAX-1)));
回答1:
No, you can use you first method and not fill the memory with duplicate data. The only concern here is to validate it before using, and if you copy it to another variable, you need to do same on it also.
回答2:
I don't see any difference!
Especially if you do not want to use it in a sql_query.
The only thing that makes me thinking, is that its not much common to write in superglobals directly, so some poor programmers may leave it with unvalidated data.
One last thing, Be sure to check your "$_POST" existence with 'empty' or 'isset' functions.
example:
If(!empty($_POST['price']))
$taxAmount = intval(ceil($_POST['price']*($TAX-1)));
else
$taxAmount = -1; //Somethings wrong.
Possible duplicate
来源:https://stackoverflow.com/questions/18495056/security-concern-when-accessing-php-superglobal-directly