What is the hidden danger of directly removing the spaces before and after getting the GET/POST parameter?

take PHP as an example, assume that there is a getParam ($name) method that returns the value of $_ GET [$name] .

what would happen if I did trim directly to all $_ GET values in this method?

Ps: does not pass null values, NULL, true/false.

Mar.25,2021

what if it refers to security risks? I don't think there's a security risk.
but I don't advise you to do this. I just want to pass the space + letter.

look at the usage scenario. If you are writing a generic method, for example, you are writing a framework generic method, it is up to the user to decide whether or not to trim.
you just write a method in the business logic controller, which I think is fine.


is usually dropped by Filter, because if there are a lot of spaces in the parameter, there may be more unknown bug;. Even if you want to pass spaces, ah, switch to physical tags. I don't think there is any security risk. If you have to keep spaces, you can consider


generally speaking, there is no hidden danger when using spaces. If there is, there will be spaces in your business logic. Because the default of trim () itself is to remove the left and right spaces, tab and other blank


if it is only $_ GET, then there is no hidden danger, and it is very supportive to do so!


that's what I usually do. It's not a security hazard, it's a necessary Filter.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b32fc5-34209.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b32fc5-34209.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?