Does POST or GET data need to be validated if being thrown directly into a switch() statement? For example:
switch($_GET['input']) {
//...
}
???
If your switch contains real cases, no, but if you do default you need to validate the $_GET if you use it in that case.
e.g.:
switch ($_GET['input']) {
    case 'one':
        echo "input is one";
        break;
    case 'two':
        echo "input is two";
        break;
    default:
        // here `$_GET['input']` needs to be validated, escaped, checked if you use it, to avoid XSS or SQL injections
        echo $_GET['input'];
}
No, your case is basically the validation.
The switch statement is similar to a series of IF statements on the same expression. In many occasions, you may want to compare the same variable (or expression) with many different values, and execute a different piece of code depending on which value it equals to. This is exactly what the switch statement is for.
Note that switch/case does loose comparison.
<?php
switch ($i) {
    case "apple":
        echo "i is apple";
        break;
    case "bar":
        echo "i is bar";
        break;
    case "cake":
        echo "i is cake";
        break;
    default:
        echo "";
        break;
}
?>
So, the short answer is "NO".
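An added example, not from either answer, covering the two caveats raised above: switch compares loosely, so numeric strings such as "01" or "1e0" reach `case '1'`, and a default branch that reflects the input still has to escape it. It assumes PHP 8.0+ for `match`; `routeLoose`, `routeStrict` and the sample inputs are constructed for illustration.

```php
<?php
// Loose: switch compares with ==, so numeric strings match by value,
// not by exact spelling.
function routeLoose($input): string
{
    switch ($input) {
        case '1':
            return 'page one';
        case '2':
            return 'page two';
        default:
            return 'unknown';
    }
}

// Strict: match compares with ===, so only the exact strings listed are
// accepted. Non-string input (e.g. an array from ?input[]=1) is rejected
// up front, and the default arm escapes the value before reflecting it
// into an HTML context.
function routeStrict($input): string
{
    if (!is_string($input)) {
        return 'unknown input';
    }
    return match ($input) {
        '1' => 'page one',
        '2' => 'page two',
        default => 'unknown input: '
            . htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    };
}

// Constructed sample values standing in for $_GET['input'].
$samples = ['1', '01', '1e0', ' 1', '<b>x</b>', ['1']];
foreach ($samples as $s) {
    printf(
        "%-14s loose=%-10s strict=%s\n",
        json_encode($s),
        routeLoose($s),
        routeStrict($s)
    );
}
```

Escaping with `htmlspecialchars` only fits HTML output; a value that reaches a SQL query from the default branch needs a parameterized query instead.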