Risk in using isset?

I am new to PHP.

I have been advised to sanitize $_GET and $_POST. I have bee开发者_如何学运维n following this advice.

However, if I just want to check the variable with

if(isset($_GET['login']))

do I need to do any sanitization on that?

Also, do I need to sanitize $_SESSION values I use?

No, you do not have to do any kind of sanitization or anything : isset() will allow you to check if the variable (or item array, in your case) exists -- and that's pretty much it.

Here, as you are testing whether the item/variable exists or not, you cannot sanitize it : to sanitize the data, you need it to exist.

Note, though : isset() will return false if that item exists, but is null !
Which, in the case of a $_GET item, will quite not probably happen.

No. If you just want to check whether variable exists or not - then your code is just fine.

No, there's no risk in doing that.

Sanitization is required before you proceed to use the values in $_GET/$_POST in your business logic (e.g. building database queries with it or displaying it to the user as part of your HTML output); here you are just testing if a value exists at all.

No, you don't. But better way to do this would be:

if(key_exists('login',$_GET)) {
}

I think there is no need for sanitation, if you need only to check if the key login is setted, it is better to doing so:

if(array_key_exists('login',$_GET))

Because if the key is not setted your code will throw a notice error.