Application of filter in PHP for data security filtering

Source: Internet
Author: User
Use filter for data security filtering in PHP

Security is a perennial topic, and every PHP developer inevitably has to validate and filter data. I believe any PHP developer with a little experience can write the usual validation routines, but whether they are safe is another matter. Here I introduce a way of validating with PHP's filter extension, which is simple and efficient.


Filter used to be a PECL extension, which meant loading an external library file, but since PHP 5.2 it is compiled into PHP and does not need to be loaded separately. The extension currently provides these functions: filter_has_var, filter_id, filter_input_array, filter_input, filter_var_array and filter_var. For reasons of space, only the two most commonly used are covered here, filter_var and filter_input. filter_var filters variables inside the page, and filter_input filters external variables such as POST, GET and cookie data.

First, the filter_var function. Its prototype is:
mixed filter_var ( mixed $variable [, int $filter [, mixed $options ]] )
$variable - the variable to filter
$filter - the ID constant of the filter to apply
$options - parameters for the filter


The key thing to master is the $filter parameter, which takes predefined constants with specific meanings, for example FILTER_VALIDATE_INT for validating integers and FILTER_VALIDATE_EMAIL for validating email formats. (The filter section of the PHP manual has a detailed list of these constants.)


As for the return value: a validation filter returns the original content when it matches and false when it does not, while a sanitizing filter returns the filtered content.


Here are some examples of use:

 
  <?php
  // Integer test: the beginning of this example is cut off on this page
  // ... FILTER_VALIDATE_INT, $int_options));

  // Email format test
  $var = 'linvo@126.com';
  var_dump(filter_var($var, FILTER_VALIDATE_EMAIL));
  $var = 'linvo@126com';
  var_dump(filter_var($var, FILTER_VALIDATE_EMAIL));

  // IP format test
  $var = '11.22.33.44';
  var_dump(filter_var($var, FILTER_VALIDATE_IP));
  $var = '111.222.333.444';
  var_dump(filter_var($var, FILTER_VALIDATE_IP));

  // URL format test
  $var = 'http://www.linvo2008.cn/blog';
  var_dump(filter_var($var, FILTER_VALIDATE_URL));
  $var = 'www.linvo2008.cn/blog';
  var_dump(filter_var($var, FILTER_VALIDATE_URL));

  // Remove hypertext tags test (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1)
  $var = 'This is a link test!';
  var_dump(filter_var($var, FILTER_SANITIZE_STRING));

You can run it yourself and see the results. In addition, the third parameter, $options, lets you set the validation in more detail. For example, when validating an IP address you can use it to restrict the rule to IPv4 or IPv6.

See the PHP Manual for additional detailed parameters.
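
The third argument in use, as an added example that is not code from the original article: flags restrict FILTER_VALIDATE_IP to an address family or to public ranges, and an 'options' array bounds FILTER_VALIDATE_INT. The helper names classify_ip() and check_int(), the sample addresses and the range 1 to 120 are constructed for illustration.

```php
<?php
// Added example, not from the original article. All sample values are constructed.

// Flags narrow FILTER_VALIDATE_IP; they are passed as the third argument and
// can be combined with |.
function classify_ip(string $ip): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return 'not an IP address';
    }
    $family = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
        ? 'IPv4' : 'IPv6';
    // Rejects private (e.g. 10.0.0.0/8) and reserved (e.g. 127.0.0.0/8) ranges.
    $public = filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
    return $family . ($public ? ', public' : ', private or reserved');
}

foreach (['11.22.33.44', '10.0.0.5', '127.0.0.1', '::1', '111.222.333.444'] as $ip) {
    echo str_pad($ip, 18), classify_ip($ip), "\n";
}

// For FILTER_VALIDATE_INT the third argument is an array with an 'options' key.
// The range below is a constructed value, not the one from the article.
$int_options = ['options' => ['min_range' => 1, 'max_range' => 120]];

function check_int(string $raw, array $options = []): string
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, $options);
    // Compare with === false: a valid "0" becomes int 0, which is falsy.
    return $n === false ? 'rejected' : "int($n)";
}

foreach (['42', '121', '42abc', '0'] as $raw) {
    echo str_pad("'$raw'", 18), 'in 1..120: ', check_int($raw, $int_options),
        '   unbounded: ', check_int($raw), "\n";
}
```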

The above filters variables inside the page, but we also want to validate user input directly. That data arrives as external variables, and this is where the filter_input function comes in:


mixed filter_input ( int $type , string $variable_name [, int $filter [, mixed $options ]] )
As the prototype shows, it has the same three parameters plus a first parameter, $type. This parameter selects the array that the variable is taken from: values sent with the POST method are stored in the $_POST array and values sent with GET in the $_GET array. It is also set with predefined constants, such as INPUT_POST for POST and INPUT_GET for GET. (See the PHP manual for more constants.)
Here is an example made up of two pages: index.html, the front-end form page, and do.php, the back-end processing page.


File: index.html

File: do.php

 
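  // The beginning of do.php is cut off on this page; it assigns $name, $qq,
  // $email and $blog, and defines the $error string that ends in "Error".
  echo 'Name: ', $name;
  $msg = $qq === false ? $error : $qq;
  echo 'QQ: ', $msg;
  $msg = $email === false ? $error : $email;
  echo 'Email: ', $msg;
  $msg = $blog === false ? $error : $blog;
  echo 'blog: ', $msg;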
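
A form handler in the same spirit, as an added example that is not the article's do.php: it validates all four fields in one call, tells a missing field (null) from an invalid one (false), and escapes values before output. The field names, the validate_form() helper, the filter chosen for each field and the sample input are assumptions; filter_var_array runs on a constructed array so the script works from the command line.

```php
<?php
// Added example, not the article's do.php. Field names and sample data are constructed.

function validate_form(array $input): array
{
    $spec = [
        // No validating filter fits a free-text name: keep it raw, strip control chars.
        'name'  => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_LOW],
        'qq'    => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
        'email' => FILTER_VALIDATE_EMAIL,
        'blog'  => FILTER_VALIDATE_URL,
    ];
    // Third argument true: keys absent from $input come back as null.
    // filter_input_array(INPUT_POST, $spec, true) takes the same $spec for a real request.
    $clean  = filter_var_array($input, $spec, true);
    $errors = [];
    foreach ($clean as $field => $value) {
        if ($value === null) {
            $errors[$field] = 'missing';
        } elseif ($value === false) {
            $errors[$field] = 'invalid';
        }
    }
    // FILTER_VALIDATE_URL accepts any scheme, so allow-list the ones a link may use.
    if (!isset($errors['blog'])) {
        $scheme = strtolower((string) parse_url($clean['blog'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $errors['blog'] = 'scheme not allowed';
        }
    }
    return [$clean, $errors];
}

// Constructed input standing in for $_POST: qq is absent, email lacks a dot in the domain.
$post = [
    'name'  => 'Lin <b>vo</b>',
    'email' => 'linvo@126com',
    'blog'  => 'ftp://www.linvo2008.cn/blog',
];
[$clean, $errors] = validate_form($post);
foreach ($clean as $field => $value) {
    // Validation is not output encoding: escape whatever is echoed into HTML.
    $shown = $errors[$field] ?? htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    echo $field, ': ', $shown, "\n";
}
```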
[Image: index.html page demo (before submission)]

[Image: do.php page demo (after submission)]

By now you should have a basic grasp of how to use filter; further uses are left for you to explore :)

Reference: http://www.w3school.com.cn/php/php_ref_filter.asp
