Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP Working with $_GET and $_POST in PHP Filtering Inputs and Escaping Outputs Always Filter Inputs

Posted by Tom de Visser
Tom de Visser
2,709 Points

What inputs to filter?

I guess we only need to filter inputs that accept text, right? Or should I also filter inputs like select inputs, radio buttons, range sliders and dropdowns?

1 Answer

Peter Vann
Peter Vann
36,427 Points
Peter Vann
Peter Vann
36,427 Points

Hi Tom!

You need to sanitize any input that can accept text because that is where malicious code could be injected.

More info:

https://teamtreehouse.com/library/owasp-top-10-vulnerabilities

https://owasp.org/www-community/attacks/xss/

https://www.veracode.com/security/xss

I hope that helps.

Stay safe and happy coding!

Tom de Visser
Tom de Visser
2,709 Points

Hi Peter,

Thanks for your answer, but I already knew I had to sanitize those. My question was pointing to the other inputs, are they also dangerous? Can people for example change the value while inspecting the page and then submit text input that way? Or is anything except inputs that explicitly accept text (textarea, text, email, etc.) safe to not sanitize?

Thanks!