Is safe to access to $_SERVER['DOCUMENT_ROOT'] directly without filtering functions like filter_input()?
Asked
Active
Viewed 1,136 times
2
Joy
- 267
- 1
- 4
- 13
-
1short .... yes you can trust $_SERVER['DCOCUMENT_ROOT'] – donald123 Dec 04 '15 at 10:12
-
Surely you mean `$_SERVER['DOCUMENT_ROOT']`? – Ultimater Dec 04 '15 at 10:17
-
@Ultimater, yes, thank you, I edited it. – Joy Dec 04 '15 at 10:19
-
4It's interesting that people are up-voting the comment which says it is a possible duplicate but not voting to close. 10 up-votes on on a close-vote comment but no 4 close-votes – Hanky Panky Dec 04 '15 at 10:22
-
2@Hanky웃Panky Not everyone has 3,000 reputation to cast close/reopen votes, but most people have 15 reputation to up-vote a comment. – Ultimater Dec 04 '15 at 10:36
1 Answers
8
filter_input() ?
There is no input in $_SERVER['DOCUMENT_ROOT'], that is a server controlled property and can not be manipulated ordinarily by user input so no need to filter it using that method.
Unless you think your server is compromised that is :) in which case it will be useless to filter for anything at all.
Hanky Panky
- 46,730
- 8
- 72
- 95