// NOTE(review): this fragment is cut at both ends — $method, $pdo and $reply are
// defined earlier in the file, and the two if-blocks opened at the bottom are
// closed later. The code below is left exactly as it was; only comments changed.

// Sanitize inputs. filter_input() yields null when the key is absent and false
// when the value is not an integer, so empty() below covers both cases (and 0).
$id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);

// Make sure the ID is valid for the methods that require one (DELETE and PUT).
if (($method === "DELETE" || $method === "PUT") && (empty($id) === true || $id < 0)) {
    throw new InvalidArgumentException("ID cannot be empty or negative");
}

// Validate the other optional integer fields the same way (no trimming is
// done here — FILTER_VALIDATE_INT already rejects anything non-numeric).
$imageId = filter_input(INPUT_GET, "imageId", FILTER_VALIDATE_INT);
$tagId = filter_input(INPUT_GET, "tagId", FILTER_VALIDATE_INT);

// Handle REST calls for GET methods.
if ($method === "GET") {
    // Set the XSRF cookie so later state-changing requests can be verified.
    setXsrfCookie("/");

    // Get the tag based on the given field.
    if (empty($id) === false) {
        $tag = Tag::getImageTagByImageId($pdo, $id);
        // Authorization: the tag is only returned when its image matches the
        // image recorded in the session.
        // NOTE(review): $_SESSION["tag"] is dereferenced without checking it
        // is set; a request without it would fail on the method call instead
        // of being rejected cleanly — confirm the session always carries it.
        if ($tag !== null && $tag->getImageId() === $_SESSION["tag"]->getImageId()) {
            $reply->data = $tag;
        }
    }
}

// If the user is logged in, allow them to POST their own tag.
if (empty($_SESSION["profile"]) !== false) {
    if ($method === "POST") {
        // Anti-CSRF check before the request body is read.
        verifyXsrf();
        $requestContent = file_get_contents("php://input");
        // NOTE(review): json_decode() returns null on malformed JSON and no
        // error check follows; the empty() check below then reports a missing
        // imageId rather than invalid JSON — consider JSON_THROW_ON_ERROR.
        $requestObject = json_decode($requestContent);
    }

    // Ensure all fields are present.
    // NOTE(review): $requestObject is assigned only in the POST branch above,
    // yet this check runs for every method once a profile is in the session;
    // for PUT/DELETE it reads an undefined variable unless assigned elsewhere
    // — confirm the intended condition. The 405 code also looks like 400 (bad
    // request) is meant; 405 is Method Not Allowed. The earlier throw passes
    // no code at all — the two should agree.
    if (empty($requestObject->imageId) === true) {
        throw new InvalidArgumentException("Image must have an ID", 405);