Tags: php, html-entities, superglobals

Superglobals and htmlentities


I was reading about Superglobals and security. As a “rule”, I use htmlentities() for all the inputs and similar, and for

$_SERVER['HTTP_REFERER']; 
$_SERVER["REQUEST_METHOD"];
$_POST['thename'];
$_GET['thename'];

But since I am a novice I don't know if I have to use it with some or all the other superglobals. I don't know about security and maybe someone can do “something” to put (or change) malicious code.

Do I have to use it just for those ones? Or are others to consider?

Thanks a lot.

I'm asking to learn in the good way.


Solution

  • Don't use htmlentities(), use htmlspecialchars().

    And use that function whenever you have some plain text that should be inserted into HTML. This is without exception - always do it. It has nothing to do with security in the first place, it is simply the way to achieve correct text output.

    Other functions you should be using: urlencode() or rawurlencode().
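The following is an added example, not code from the question or the answer above. It shows the answer's point in practice: the same superglobal value needs a different encoding depending on where it is inserted (HTML text, an HTML attribute, a query-string parameter), and the referer header is just as attacker-controlled as $_GET. The helper names h() and q() are my own, and the values assigned to $_GET and $_SERVER are constructed so the script runs offline without a real request.

```php
<?php
declare(strict_types=1);

// Constructed sample input standing in for what a real request would supply.
// Both values are chosen to contain characters that matter in HTML and URLs.
$_GET['thename']         = '<b>O\'Reilly</b> & "café"';
$_SERVER['HTTP_REFERER'] = 'https://example.test/page?q=1&r="x"';

// h(): escape plain text for an HTML text node or a quoted attribute value.
// ENT_QUOTES also escapes single quotes, ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string, and the charset is stated explicitly.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// q(): encode one value for use as a query-string parameter (RFC 3986 style).
function q(string $s): string
{
    return rawurlencode($s);
}

$name = $_GET['thename'] ?? '';
$ref  = $_SERVER['HTTP_REFERER'] ?? '';

// 1. HTML text node: the <b> tag becomes literal text, not markup.
echo '<p>Hello, ' . h($name) . "</p>\n";

// 2. HTML attribute: always quote the attribute and escape the value.
echo '<input name="thename" value="' . h($name) . "\">\n";

// 3. URL built from the value: first URL-encode the parameter, then escape the
//    finished URL for the HTML attribute it lives in (two different contexts).
$url = 'search.php?thename=' . q($name);
echo '<a href="' . h($url) . "\">search again</a>\n";

// 4. HTTP_REFERER is set by the client, so it is treated like any other input.
echo '<a href="' . h($ref) . "\">back</a>\n";

// Why htmlspecialchars() rather than htmlentities(): htmlentities() additionally
// rewrites every character that has a named entity (é -> &eacute;), which is
// pointless on a UTF-8 page; htmlspecialchars() only touches & < > " '.
echo htmlentities('café', ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars('café', ENT_QUOTES, 'UTF-8'), "\n";
```

Run it with `php example.php` and compare the output lines: the markup in the input is rendered inert in every HTML context, the query parameter survives the round trip because it was encoded for the URL before being escaped for HTML, and the last two lines show the only practical difference between the two escaping functions.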