1.2.367. Don’t Change Incomings
PHP hands over a lot of information through special variables such as $_GET, $_POST, etc. Modifying those variables, or the values inside them, means that the original content is lost, while the result still looks like raw data and, as such, is untrustworthy. It is recommended to put the modified values in another variable and keep the original one intact.
<?php
// Filtering and keeping the incoming value intact.
$_DATA['id'] = (int) $_GET['id'];
// Filtering and changing the incoming value.
$_GET['id'] = strtolower($_GET['id']);
?>
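One way to check a code base for this pattern, as an added example that is not Exakat's own implementation of the rule: a token-based scan built on PHP's token_get_all() that reports direct assignments to request superglobals. The function name findIncomingWrites and the list of watched variables are assumptions; unset(), increments and by-reference writes are not covered.

```php
<?php
// Added example, not Exakat's implementation. Requires PHP 7.4+.
// Flags direct assignments to request superglobals and to their elements.
const INCOMING = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST', '$_FILES'];
const ASSIGN_OPS = ['=', T_PLUS_EQUAL, T_MINUS_EQUAL, T_MUL_EQUAL, T_DIV_EQUAL,
                    T_CONCAT_EQUAL, T_COALESCE_EQUAL];

function findIncomingWrites(string $source): array
{
    // Drop whitespace and comments so the operator is found by position alone.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $hits = [];
    $count = count($tokens);
    for ($i = 0; $i < $count; $i++) {
        $t = $tokens[$i];
        if (!is_array($t) || $t[0] !== T_VARIABLE || !in_array($t[1], INCOMING, true)) {
            continue;
        }
        // Step over the index chain, e.g. ['a']['b'], tracking bracket depth.
        $j = $i + 1;
        $depth = 0;
        while ($j < $count && ($depth > 0 || $tokens[$j] === '[')) {
            if ($tokens[$j] === '[') { $depth++; }
            elseif ($tokens[$j] === ']') { $depth--; }
            $j++;
        }
        if ($j >= $count) { break; }
        // The token after the variable (and its indexes) decides: write or read.
        $op = is_array($tokens[$j]) ? $tokens[$j][0] : $tokens[$j];
        if (in_array($op, ASSIGN_OPS, true)) {
            $hits[] = ['line' => $t[2], 'variable' => $t[1]];
        }
    }
    return $hits;
}

// Constructed sample: the two assignments from the snippet above.
$sample = <<<'PHP'
<?php
$_DATA['id'] = (int) $_GET['id'];
$_GET['id'] = strtolower($_GET['id']);
PHP;
foreach (findIncomingWrites($sample) as $hit) {
    printf("line %d: write to %s\n", $hit['line'], $hit['variable']);
}
```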
1.2.367.2. Connex PHP features
1.2.367.2.1. Suggestions
Assign the value to another variable and apply modifications to that variable.
1.2.367.2.2. Specs
Short name | Structures/NoChangeIncomingVariables
Rulesets |
Exakat since | 0.8.4
PHP Version | All
Severity | Minor
Time To Fix | Slow (1 hour)
Precision | High
Available in |