Is the following code safe?
$d = new DateTime($_GET["date"]);
AFAIK there are no direct ways to use date format string for malicious purposes. However, there may be some peculiarities in different OS, so - would you add an additional check to ensure that date look exactly like yyyy-mm-dd
?
I'm using both PHP5.6 & PHP7.