Previously, a user was primarily getting information through the network. And today's network just more focus on the interaction with users, users are no longer just the site of the browser, but also the manufacturer of the site content. From the previous simple "read" to "write" and "co-creation" development, from passively receive information to active branch information development. The attendant security issues are a problem that Web developers cannot ignore, and validating data from third-party sources is an essential feature of every Web application.
In the past, PHP needs to verify the data, usually the programmer himself through the regular expression implementation, and from PHP starting from 5.2 to the original Pcel filter function moved to the built-in library, and do a lot of hardening, you can use these functions to achieve the filtering and validation of data.
Data source and verification type
The data source in PHP consists of two parts, one is external variables (such as post, GET, cookie, etc.), and the other is the data generated inside the page. PHP defines the ilter_input_** and filter_var_** series functions for both types of data. And according to the verification method is different can be divided into validating and sanitizing two kinds. The validating is used to validate the data and returns a Boolean value. Sanitizing filters Some specific characters by rule and returns the processed string.
Simple usage
For example, to verify whether a string is an integer, in the past we can do it through regular expressions or is_numeric functions:
Copy CodeThe code is as follows:
$str = ' 51ab ';
Preg_match ('/^[0-9]*$/', $str);
Is_numeric ($STR);
The new validation function can be used in the following ways:
$str = ' 51ab ';
Echo Filter_var ($str, filter_validate_int)? ' is valid ': ' isn't valid '; Filter_validate_int is a PHP-defined filter that verifies whether $str is an integer. In fact, this is a numeric constant, with echo filter_validate_int; The discovery value is 257. So we can also use:
$str = ' 51ab ';
Echo Filter_var ($STR, 257)? ' is valid ': ' isn't valid '; A large number of commonly used filters are defined in PHP, and we can get all the supported filter names (in string notation) with Filter_list (), and then use FILTER_ID (string) to get their values:
Print_r (Filter_list ()); All supported filter names.
Echo ' ========= ';
echo filter_id (' int '); ' int ' is a filter name returned by Filter_list. The above will be entered similar to the following:
Array (0=>int ',1=> ' boolean ',2=> ' float ',3=> ' validate_regexp ')
==========
257Sanitizing Filter
The above is to verify that the data format is correct, and sometimes it is important to filter out irrelevant content. Sanitize filtering provides this functionality, such as filtering out extra characters from an email:
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
