Skip to content

DEV Community

Eko Priyanto

Posted on Jan 31 • Edited on Feb 1

PHP input validation yang benar

#php #security #cleancode

never trust your user

// Wrong way ❌
$userId = $_GET['user_id'];
$query = "SELECT * FROM users WHERE id = " . $userId;

// Right way ✅
$userId = filter_input(INPUT_GET, 'user_id', FILTER_VALIDATE_INT);
if ($userId === false) {
    throw new InvalidArgumentException('Invalid user ID');
}
$query = $pdo->prepare("SELECT * FROM users WHERE id = ?");
$query->execute([$userId]);

Top comments (0)

Subscribe

Read next

2466. Count Ways To Build Good Strings

MD ARIFUL HAQUE - Dec 30 '24

✋🏼🗺 🔥 CS Visualized: CORS

Hanzla Baig - Dec 29 '24

A Scalable and Maintainable Approach for Laravel Applications

Aung Kyaw Minn - Dec 29 '24

Laravel's 2024: Progress at Lightning Speed, But Are We Biting Off More Than We Can Chew?

HichemTech - Dec 29 '24