In your example, as you know the input to be a number, it would be best to simply check for that, rather than attempting to add additional filtering.
For example:
```php
if (isset($_POST['f'])) {
    $inFahrenhite = trim($_POST['f']); // remove any leading/trailing spaces
    // accept the value only when it is numeric, and keep the trimmed copy
    if (is_numeric($inFahrenhite)) {
        $f = $inFahrenhite;
    }
}
```
The above code validates that the input is numeric. Since you are expecting a number, anything else is invalid and can be ignored.
Other questions.
- Yes, it means the setting is turned off.
- All filters are not required. There is no need to allow HTML values if the input should be a number. Using http://www.php.net/manual/en/book.filter.php would be a start.
- Magic Quotes only escapes certain characters. The setting is to be deprecated, so you should avoid using it.
- These functions only work to ensure that the characters are escaped properly. For example, an `&` would get converted to `&amp;`. There is still an `&` there, but it now has a different purpose.
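
The same numeric check written with the filter extension linked above, plus escaping when the raw input is echoed back. This is an added example, not part of the original answer; `parseFahrenheit()`, the upper bound of 10000 and the sample inputs are constructed for illustration, and the range options assume PHP 7.4 or later.

```php
<?php
// Added example: validate a Fahrenheit form field as a number with the
// filter extension. parseFahrenheit() and the sample inputs are constructed.

/**
 * Returns the temperature as a float, or null when the input is not an
 * acceptable number.
 */
function parseFahrenheit($raw): ?float
{
    // A request such as f[]=1 arrives as an array, not a string.
    if (!is_string($raw)) {
        return null;
    }
    // min_range/max_range for FILTER_VALIDATE_FLOAT need PHP 7.4+.
    // -459.67 F is absolute zero; 10000 is an assumed sanity limit.
    $value = filter_var(trim($raw), FILTER_VALIDATE_FLOAT, [
        'options' => ['min_range' => -459.67, 'max_range' => 10000],
    ]);
    return $value === false ? null : $value;
}

// Constructed inputs standing in for $_POST['f'].
$samples = ['98.6', ' 32 ', 'abc', '-500', '0x1A', '<b>72</b>', ['72']];

foreach ($samples as $raw) {
    $f = parseFahrenheit($raw);
    // Escape only at output time, and only what is echoed into HTML.
    $shown = htmlspecialchars(
        is_string($raw) ? $raw : gettype($raw),
        ENT_QUOTES,
        'UTF-8'
    );
    if ($f === null) {
        echo "rejected: {$shown}\n";
    } else {
        printf("%s F = %.1f C\n", $shown, ($f - 32) * 5 / 9);
    }
}
```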