0

I know that instead of 

$_POST['var_name']

I need to use 

filter_input(INPUT_POST, 'var_name')

but what about the first check, if the server has a POST request: 

if($_SERVER['REQUEST_METHOD'] == 'POST')

does it have an equivalent? because Netbeans gives the warning

Do not Access Superglobal $_SERVER Array Directly

Phil
  • 157,677
  • 23
  • 242
  • 245
pileup
  • 1
  • 2
  • 18
  • 45
  • 4
    _"instead of ...I need to use.."_ - who says so? – Jeff Jan 01 '19 at 22:40
  • 1
    The server superglobal array is filled by the webserver. But the superglobal also contains unsafe http headers. That's probably why the warning gets shown. But the mentioned element is safe. – Charlotte Dunois Jan 01 '19 at 23:25
  • From the duplicate post, see [this answer](https://stackoverflow.com/a/24371536/283366) for specific details, including a link to [this Netbeans article](https://blogs.oracle.com/netbeansphp/improve-your-code-with-new-hints) – Phil Jan 01 '19 at 23:51
  • @Jeff Netbeans says so (apparently). – Phil Jan 01 '19 at 23:52
  • @Jeff, haha yes, that's what Netbeans says. And about the duplicate post, I already saw it, but its `$_POST` and not `$_SERVER` – pileup Jan 02 '19 at 11:25

1 Answers1

-1

Try to use this : 

$var_name = filter_input(INPUT_POST, $_POST["var_name"]);

we have many ways to get REQUEST_METHOD like : 

getenv('REQUEST_METHOD');

If I'm wrong in the answer, it is because I did not find any code in the question :)

Saif Manwill
  • 692
  • 1
  • 9
  • 20
  • 1
    You could further distill your answer into: you could use `getenv('REQUEST_METHOD')` as an alternative to accessing the super global `$_SERVER`. (Does netbeans still yield the same warning in that case? What's the difference? What are the ramifications of the first method?) – Progrock Jan 02 '19 at 07:08
  • I did not find the code included and I answered what I know only :) – Saif Manwill Jan 02 '19 at 10:14