PHP Filter Safe Character filtering

Source: Internet
Author: User
Tags: mail, types of filters

PHP filters are used to validate and filter data from unsafe sources, such as user input.


--------------------------------------------------------------------------------

What is a PHP filter?
A PHP filter is used to validate and filter data coming from unsafe sources.

Testing, validating and filtering user input or custom data is an important part of any web application.

The purpose of PHP's filter extension is to make data filtering easier and faster.


--------------------------------------------------------------------------------

Why should I use a filter?
Almost all web applications rely on external input. Typically this comes from a user or from another application, such as a web service. By using a filter, you can ensure that your application gets input of the correct type.

You should always filter all external data!

Input filtering is one of the most important security issues for an application.

What is external data?

Input data from a form
Cookies
Web service data
Server variables
Database query results

--------------------------------------------------------------------------------

Functions and filters
To filter a variable, use one of the following filter functions:

filter_var() - Filters a single variable with a specified filter
filter_var_array() - Filters several variables with the same or different filters
filter_input() - Gets one input variable and filters it
filter_input_array() - Gets several input variables and filters them with the same or different filters
In the following example, we validate an integer using the filter_var() function:

<?php
$int = 123;
// PHP constants are case-sensitive: the filter must be spelled FILTER_VALIDATE_INT
if (!filter_var($int, FILTER_VALIDATE_INT))
 {
 echo("Integer is not valid");
 }
else
 {
 echo("Integer is valid");
 }
?>

The code above uses the "FILTER_VALIDATE_INT" filter to filter the variable. Because the integer is valid, the output of the code above will be: "Integer is valid".

If we try a variable that is not an integer (such as "123abc"), the output will be: "Integer is not valid".

For a complete list of functions and filters, please visit our PHP filter reference.



--------------------------------------------------------------------------------

Validating and sanitizing
There are two kinds of filters:

Validating filters:

Are used to validate user input
Strict format rules (e.g. URL or e-mail validation)
Return the expected type on success or FALSE on failure
Sanitizing filters:

Are used to allow or disallow specified characters in a string
No data format rules
Always return a string

--------------------------------------------------------------------------------

Options and flags
Options and flags are used to add additional filtering options to the specified filter.

Different filters have different options and flags.

In the following example, we validate an integer using filter_var() and the "min_range" and "max_range" options:

<?php
$var = 300;
// Options are passed as an associative array under the "options" key
$int_options = array(
 "options" => array(
  "min_range" => 0,
  "max_range" => 256
 )
);
if (!filter_var($var, FILTER_VALIDATE_INT, $int_options))
 {
 echo("Integer is not valid");
 }
else
 {
 echo("Integer is valid");
 }
?>

As in the code above, the options must be put in an associative array with the name "options". If a flag is used, it does not need to be in an array.

Since the integer "300" is not within the specified range, the output of the code above will be: "Integer is not valid".

For a complete list of functions and filters, please visit our PHP filter reference. Check each filter to see the options and flags available.
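The following is an added example, not code from the original page: it runs the same inputs through a validating filter (FILTER_VALIDATE_INT with "options" and a flag) and a sanitizing filter (FILTER_SANITIZE_NUMBER_INT), covering both the validating/sanitizing distinction and the options/flags sections above. The inputs are constructed; the one practitioner caveat it adds is that a valid "0" comes back as int 0, so "!filter_var(...)" wrongly reports it as invalid.

```php
<?php
// Added example, not from the original page: the same inputs pushed through a
// validating filter (FILTER_VALIDATE_INT with options and a flag) and a
// sanitizing filter (FILTER_SANITIZE_NUMBER_INT) to show how they differ.
function compareFilters(array $inputs): array
{
    $rows = [];
    foreach ($inputs as $input) {
        // Validating: the range goes under "options", flags under "flags".
        // FILTER_FLAG_ALLOW_HEX makes a hex string such as "0xff" acceptable.
        $validated = filter_var($input, FILTER_VALIDATE_INT, [
            'options' => ['min_range' => 0, 'max_range' => 256],
            'flags'   => FILTER_FLAG_ALLOW_HEX,
        ]);
        // Sanitizing: no format rules; strips everything except digits, "+"
        // and "-" and always hands back a string.
        $sanitized = filter_var($input, FILTER_SANITIZE_NUMBER_INT);
        $rows[] = [
            'input'    => $input,
            'validate' => $validated,
            // A valid "0" is returned as int 0, which is falsy, so test the
            // validator with === false rather than with "!" as the page does.
            'valid'    => $validated !== false,
            'sanitize' => $sanitized,
        ];
    }
    return $rows;
}

// Constructed sample inputs; "0" is the one that "!filter_var()" gets wrong.
foreach (compareFilters(['123', '0', '300', '123abc', '0xff', '-5']) as $r) {
    printf("%-9s validate=%-6s valid=%-5s sanitize=%s\n",
        var_export($r['input'], true),
        var_export($r['validate'], true),
        var_export($r['valid'], true),
        var_export($r['sanitize'], true));
}
```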


--------------------------------------------------------------------------------

Validating input
Let's try to validate input from a form.

First, we need to confirm that the input data we are looking for exists.

Then we filter the input data using the filter_input() function.

In the following example, the input variable "email" is sent to the PHP page:

<?php
// INPUT_GET and FILTER_VALIDATE_EMAIL are predefined constants and must be upper-case
if (!filter_has_var(INPUT_GET, "email"))
 {
 echo("Input type does not exist");
 }
else
 {
 if (!filter_input(INPUT_GET, "email", FILTER_VALIDATE_EMAIL))
  {
  echo "E-Mail is not valid";
  }
 else
  {
  echo "E-Mail is valid";
  }
 }
?>

Example explained
In the example above, there is an input (email) sent to the page using the "GET" method:

Check whether an "email" input variable of the "GET" type exists
If the input variable exists, check whether it is a valid e-mail address

--------------------------------------------------------------------------------

Sanitizing input
Let's try to clean up a URL sent from a form.

First, we confirm that the input data we are looking for exists.

Then we sanitize the input data using the filter_input() function.

In the following example, the input variable "url" is sent to the PHP page:

<?php
if (!filter_has_var(INPUT_POST, "url"))
 {
 echo("Input type does not exist");
 }
else
 {
 // The variable name must be a string, and the sanitizing filter always returns a string
 $url = filter_input(INPUT_POST, "url", FILTER_SANITIZE_URL);
 }
?>

Example explained
In the example above, the input (url) is sent to the page using the "POST" method:

Check whether a "url" input variable of the "POST" type exists
If the input variable exists, sanitize it (remove invalid characters) and store it in the $url variable
If the input variable is a string such as "http://www.w3ååschøøools.com/", the sanitized URL variable looks like this:

Www.111cn.net
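The following is an added example, not code from the original page, tying together the "Validating input" and "Sanitizing input" sections: the URL is sanitized as above, then validated, then its scheme is checked, because sanitizing only removes characters and never decides whether the remainder is an acceptable URL. It works on a plain value instead of $_POST so it runs from the command line; cleanUrl() and its sample inputs are constructed for this example.

```php
<?php
// Added example, not from the original page: sanitize a URL the way the page
// does, then validate it and check its scheme. Works on a plain value rather
// than $_POST so it can be run from the command line; in a real form handler
// the value would come from filter_input(INPUT_POST, "url", ...).
function cleanUrl(string $raw, array $allowedSchemes = ['http', 'https']): ?string
{
    // Step 1: sanitizing filter. It only strips characters that cannot appear
    // in a URL (such as the non-ASCII letters in the page's example); it does
    // not decide whether what is left is a URL at all.
    $sanitized = filter_var($raw, FILTER_SANITIZE_URL);

    // Step 2: validating filter. Returns the URL on success, FALSE otherwise.
    $validated = filter_var($sanitized, FILTER_VALIDATE_URL);
    if ($validated === false) {
        return null;
    }

    // Step 3: FILTER_VALIDATE_URL checks syntax, not intent, so restrict the
    // scheme to the ones the application actually expects.
    $scheme = strtolower((string) parse_url($validated, PHP_URL_SCHEME));
    if (!in_array($scheme, $allowedSchemes, true)) {
        return null;
    }
    return $validated;
}

// Constructed sample inputs.
$samples = [
    'http://www.w3ååschøøools.com/',   // the page's example: non-ASCII stripped
    'not a url',                        // survives sanitizing, fails validation
    'ftp://example.com/file',           // valid syntax, scheme not allowed
    'https://example.com/path?q=1',     // passes all three checks
];
foreach ($samples as $s) {
    printf("%-34s => %s\n", $s, var_export(cleanUrl($s), true));
}
```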

Filtering multiple inputs
A form almost always consists of more than one input field. To avoid calling the filter_var() or filter_input() functions over and over, we can use the filter_var_array() or filter_input_array() functions.

In this example we use the filter_input_array() function to filter three GET variables.

The GET variables received are a name, an age and an e-mail address:

<?php
// One entry per input variable: either a bare filter ID, or an array with
// "filter" plus optional "flags" / "options"
$filters = array
 (
 "name" => array
  (
  "filter" => FILTER_SANITIZE_STRING
  ),
 "age" => array
  (
  "filter" => FILTER_VALIDATE_INT,
  "options" => array
   (
   "min_range" => 1,
   "max_range" => 120
   )
  ),
 "email" => FILTER_VALIDATE_EMAIL,
 );
$result = filter_input_array(INPUT_GET, $filters);
if (!$result['age'])
 {
 echo("Age must be a number between 1 and 120.<br/>");
 }
elseif (!$result["email"])
 {
 echo("E-Mail is not valid.<br/>");
 }
else
 {
 echo("User input is valid");
 }
?>

Example explained
The example above has three inputs (name, age and email) sent to the page using the "GET" method:

Set an array containing the names of the input variables and the filters to use on the specified input variables
Call filter_input_array() with the GET input variables and the array we just set
Check the "age" and "email" variables in the $result variable for invalid input. (If any input variable is invalid, that input variable will be FALSE after the filter_input_array() function)
The second argument of the filter_input_array() function can be an array or a single filter ID.

If the argument is a single filter ID, all values in the input array are filtered by the specified filter.

If the argument is an array, it must follow these rules:

Must be an associative array containing the input variable as the array key (e.g. the "age" input variable)
The array value must be a filter ID or an array specifying the filter, flags and options
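The following is an added example, not code from the original page: the same three-field filter definition applied with filter_var_array() to a constructed request array (a stand-in for $_GET, so it runs offline), with a check that tells a missing field (NULL) apart from an invalid one (FALSE), which the "!$result['age']" test above cannot do. It assumes PHP 8.1 or later, where FILTER_SANITIZE_STRING is deprecated, so the "name" field uses FILTER_SANITIZE_SPECIAL_CHARS instead; USER_FILTERS and checkUser() are names chosen for this example.

```php
<?php
// Added example, not from the original page: the page's three-field filter
// definition applied with filter_var_array() to a constructed request array
// (stand-in for $_GET), with the missing/invalid distinction made explicit.
// FILTER_SANITIZE_STRING is deprecated since PHP 8.1, so the "name" field
// uses FILTER_SANITIZE_SPECIAL_CHARS instead.
const USER_FILTERS = [
    'name'  => ['filter' => FILTER_SANITIZE_SPECIAL_CHARS],
    'age'   => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 1, 'max_range' => 120],
    ],
    'email' => FILTER_VALIDATE_EMAIL,
];

// Returns a list of error messages; an empty list means every field is usable.
function checkUser(array $request): array
{
    // add_empty=true (the default) puts NULL for keys absent from the input;
    // a value that fails its filter becomes FALSE. "!$result['age']" treats
    // both the same, which hides whether the field was missing or wrong.
    $result = filter_var_array($request, USER_FILTERS, true);
    $errors = [];
    foreach (['name', 'age', 'email'] as $field) {
        if ($result[$field] === null) {
            $errors[] = "$field is missing";
        } elseif ($result[$field] === false) {
            $errors[] = "$field is not valid";
        }
    }
    return $errors;
}

// Constructed requests.
$requests = [
    ['name' => 'Peter', 'age' => '41', 'email' => 'peter@example.com'],
    ['name' => '<b>Peter</b>', 'age' => '300', 'email' => 'not-an-email'],
    ['name' => 'Peter'],   // age and email absent entirely
];
foreach ($requests as $i => $req) {
    $errors = checkUser($req);
    printf("request %d: %s\n", $i, $errors ? implode('; ', $errors) : 'valid');
}
```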

--------------------------------------------------------------------------------

Using a filter callback
With the FILTER_CALLBACK filter, it is possible to call a user-defined function and use it as a filter. This way, we have full control over the data filtering.

You can create your own user-defined function or use an existing PHP function.

The function you wish to use as a filter is specified the same way as an option is specified, in an associative array with the name "options".

In the following example, we use a user-created function to convert all "_" to spaces:

<?php
// Replace every "_" with a space (the original replaced it with an empty string)
function convertSpace($string)
{
return str_replace("_", " ", $string);
}

$string = "Peter_is_a_great_guy!";

// The callback is passed by name under the "options" key
echo filter_var($string, FILTER_CALLBACK,
array("options" => "convertSpace"));
?>
The output of the code above will be:
Peter is a great guy!

Example explained
The example above converts all "_" to spaces:

Create a function to replace "_" with a space
Call the filter_var() function with the FILTER_CALLBACK filter and an array containing our function
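The following is an added example, not code from the original page: a user-defined callback that, unlike convertSpace() above, both normalizes the value and rejects it by returning FALSE when it breaks a rule, so FILTER_CALLBACK serves as a validating filter rather than only a sanitizing one. normalizeUsername(), filterUsername() and the sample inputs are constructed for this example.

```php
<?php
// Added example, not from the original page: a user-defined callback used as
// a filter. It both normalizes the value and rejects it (returns false) when
// it fails a rule, so FILTER_CALLBACK can act as a validating filter too.
function normalizeUsername(string $value)
{
    // Normalize: trim, lower-case, and collapse runs of "_" into a single "-".
    $name = preg_replace('/_+/', '-', strtolower(trim($value)));
    // Reject anything that is not 3 to 20 lower-case letters, digits or hyphens.
    if (!preg_match('/^[a-z0-9-]{3,20}$/', $name)) {
        return false;
    }
    return $name;
}

// Wrap filter_var() so the failure test uses === false, the same caveat as
// for the built-in validating filters (a callback may legitimately return "0").
function filterUsername(string $input): ?string
{
    $out = filter_var($input, FILTER_CALLBACK, ['options' => 'normalizeUsername']);
    return $out === false ? null : $out;
}

// Constructed inputs: normalized, normalized, too short, bad characters, collapsed.
foreach (['Peter_Is_Great', '  Ann  ', 'a', 'bad name!', 'x__y'] as $in) {
    printf("%-16s => %s\n", var_export($in, true), var_export(filterUsername($in), true));
}
```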
