1.2.366. Don’t Change Incomings

PHP hands over a lot of information using special variables like $_GET, $_POST, etc… Modifying those variables and those values inside variables means that the original content is lost, while it will still look like raw data, and, as such, will be untrustworthy.

It is recommended to put the modified values in another variable, and keep the original one intact.

<?php

// filtering and keeping the incoming value.
$_DATA'id'] = (int) $_GET['id'];

// filtering and changing the incoming value.
$_GET['id'] = strtolower($_GET['id']);

?>

1.2.366.1. Related PHP errors

• Cannot re-assign $this

• Cannot re-assign auto-global variable $_GET

1.2.366.2. Connex PHP features

• incoming-data

• outgoing-data

1.2.366.2.1. Suggestions

• Set the value to another variable and apply modifications to that variable

1.2.366.2.2. Specs

Short name	Structures/NoChangeIncomingVariables
Rulesets	All, Analyze, Changed Behavior
Exakat since	0.8.4
PHP Version	All
Severity	Minor
Time To Fix	Slow (1 hour)
Precision	High
Available in	Entreprise Edition, Exakat Cloud