$filters = array( 'verify-username' => FILTER_VALIDATE_STRING, 'verify-email' => FILTER_VALIDATE_EMAIL, 'verify-password' => FILTER_UNSAFE_RAW, 'verify-submit' => FILTER_VALIDATE_STRING, 'key' => FILTER_VALIDATE_STRING, 'id' => FILTER_VALIDATE_INT, ); $filteredG = filter_input_array(INPUT_GET, $filters); $filtered = filter_input_array(INPUT_POST, $filters); $ret = false; if ($filteredG['key'] and $filteredG['id']) { $ret = User::getByKey($filteredG['id'], $filteredG['key']); if (!$ret or !$ret->id) { $ret = false; } } if ($filtered['verify-submit']) { // User::login does the sql escape $ret = User::login($filtered['verify-username'], $filtered['verify-password']); if (!$ret->id or $ret->email != $filtered['verify-email']) { $t->err = "The username, email, or password do not match any in our database"; $ret = false; }