PHP

PHP

By DeepSource

Use of deprecated filter constantPHP-W1084

Bug risk
Has Autofix

The filter extension provides predefined constants to validate or sanitize the data such as user-supplied input. This issue flags the use of any constant that has been deprecated. Using deprecated constant would raise runtime warnings, and can cause your code to crash in a future version, if the constant is removed.

Below are the recommended fixes for the deprecated constants:

  • FILTER_SANITIZE_MAGIC_QUOTES should be replaced with FILTER_SANITIZE_ADD_SLASHES.
  • FILTER_FLAG_SCHEME_REQUIRED can be removed safely.
  • FILTER_FLAG_HOST_REQUIRED can be removed safely.

Visit this link to get full list of the predefined constants with its usage, deprecation information and alternatives.

Examples

Bad practice

class User
{
   public function create()
   {
       // invalid: Deprecated as of PHP 7.3.0 and removed as of PHP 8.0.0
       $name = filter_var($_POST['name'], FILTER_SANITIZE_MAGIC_QUOTES);
   }
}

Recommended

class User
{
   public function create()
   {
       $name = filter_var($_POST['name'], FILTER_SANITIZE_ADD_SLASHES);
   }
}