What are the best practices for retrieving GET and POST parameters in PHP?

When retrieving GET parameters in PHP, it is important to sanitize and validate the input to prevent security vulnerabilities such as SQL injection or cross-site scripting attacks. For POST parameters, it is recommended to use the $_POST superglobal array to access the data sent by a form submission. Additionally, using filter_input() function with appropriate filters can help sanitize the input data. 

// Retrieving GET parameters
$param = isset($_GET['param']) ? $_GET['param'] : '';
$param = filter_var($param, FILTER_SANITIZE_STRING);

// Retrieving POST parameters
$data = isset($_POST['data']) ? $_POST['data'] : '';
$data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);

Keywords

$_GET $_POST filter_input validation security

Related Questions