A complete analysis of PHP filters (PHP example)

Source: Internet
Author: User
PHP filters are used to validate and filter data from unsafe sources, such as user input. This article gives a comprehensive analysis of PHP filters.

What is a PHP filter?

PHP filters are used to verify and filter data from unsafe sources.

Verifying and filtering user input or custom data is an important part of any Web application.

The PHP filter extension is designed to make data filtering easier and faster.

Why filter?

Almost all web applications depend on external input. This data usually comes from users or other applications (such as web services). By using a filter, you can ensure that the program obtains the correct input type.

You should always filter external data!

Input filtering is one of the most important application security issues.

What is external data?

• Input data from forms

• Cookies

• Server variables

• Database query results

Functions and filters

To filter variables, use one of the following filter functions:

• filter_var() - filter a single variable using a specified filter

• filter_var_array() - filter multiple variables using the same or different filters

• filter_input() - get an input variable and filter it

• filter_input_array() - get multiple input variables and filter them using the same or different filters

In the following example, we use the filter_var() function to validate an integer:

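<?php
$int = 123;

// Compare with === false: a loose !filter_var(...) test would also reject the valid integer 0.
if (filter_var($int, FILTER_VALIDATE_INT) === false) {
    echo("Integer is not valid");
} else {
    echo("Integer is valid");
}
?>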

The above code uses the "FILTER_VALIDATE_INT" filter to validate the variable. Because this integer is valid, the output of the code is: "Integer is valid".

If we try a variable that is not an integer, the output is: "Integer is not valid".

For a complete list of functions and filters, visit our PHP Filter reference manual.

Validating and Sanitizing

There are two kinds of filters:

Validating filter:

• Used to verify user input

• Strict format rules (such as URL or email verification)

• If validation succeeds, the expected type is returned. If it fails, FALSE is returned.

Sanitizing filter:

• Allows or disallows specified characters in a string

• No data format rules

• Always returns a string

Options and flags

Options and flags are used to add additional filtering options to the specified filter.

Different filters have different options and flags.

In the following example, we use filter_var() with the "min_range" and "max_range" options to validate an integer:

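<?php
$var = 300;

// Options go in a nested array under the "options" key.
$int_options = array(
    "options" => array("min_range" => 0, "max_range" => 256)
);

// Compare with === false so that the in-range value 0 is not reported as invalid.
if (filter_var($var, FILTER_VALIDATE_INT, $int_options) === false) {
    echo("Integer is not valid");
} else {
    echo("Integer is valid");
}
?>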

As in the code above, the options must be placed in an associative array under the name "options". If a flag is used, it does not need to be in that array.

Because the integer is "300", it is not within the specified range, and the output of the above code will be "Integer is not valid".

For a complete list of functions and filters, visit the PHP Filter reference manual provided by W3School. You can see the available options and flags for each filter.
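An added example, not part of the original article: a loose truthiness test on the return value of filter_var() reports the valid integer 0 as invalid, so the code below compares against an explicit failure value and shows where options and flags go. The helper name validated_int and the sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the original article).
// Constructed sample inputs, as they would arrive from a form: always strings.
$samples = ["0", "42", " 42 ", "300", "-1", "007", "0x1A", "1e3", "42abc", ""];

/**
 * Hypothetical helper: returns the validated int, or null when $raw is not
 * an integer in [$min, $max].
 */
function validated_int(string $raw, int $min, int $max): ?int
{
    return filter_var($raw, FILTER_VALIDATE_INT, [
        // Options live in the nested "options" array ...
        "options" => ["min_range" => $min, "max_range" => $max],
        // ... flags sit beside it. This flag makes failure NULL instead of FALSE.
        "flags"   => FILTER_NULL_ON_FAILURE,
    ]);
}

foreach ($samples as $raw) {
    // Loose test: treats the valid value 0 as a failure.
    $loose = filter_var($raw, FILTER_VALIDATE_INT) ? "valid" : "invalid";

    // Strict test: only the explicit failure value means "invalid".
    $value  = validated_int($raw, 0, 256);
    $strict = ($value === null) ? "invalid" : "valid (int $value)";

    printf("%-8s loose: %-8s strict: %s\n", var_export($raw, true), $loose, $strict);
}
```

Run it with the PHP command-line interpreter and compare the two columns for the input "0".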

Validating input

Let's try to verify the input from the form.

The first thing we need to do is to confirm whether the input data we are looking for exists.

Then we use the filter_input() function to filter the input data.

In the following example, the input variable "email" is sent to the PHP page:

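<?php
// First confirm that the GET variable "email" exists at all.
if (!filter_has_var(INPUT_GET, "email")) {
    echo("Input type does not exist");
} else {
    // Then validate its format.
    if (!filter_input(INPUT_GET, "email", FILTER_VALIDATE_EMAIL)) {
        echo "E-Mail is not valid";
    } else {
        echo "E-Mail is valid";
    }
}
?>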


In the above example, an input variable (email) sent through the "GET" method is handled as follows:

1. Check whether a "GET" input variable named "email" exists.

2. Check whether the input variable is a valid email address.

Sanitizing input

Let's try to sanitize a URL sent from a form.

First, check whether the input data we are looking for exists.

Then, we use the filter_input() function to sanitize the input data.

In the following example, the input variable "url" is sent to the PHP page:

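<?php
// First confirm that the POST variable "url" exists.
if (!filter_has_var(INPUT_POST, "url")) {
    echo("Input type does not exist");
} else {
    // Remove characters that are not allowed in a URL.
    $url = filter_input(INPUT_POST, "url", FILTER_SANITIZE_URL);
}
?>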


In the above example, an input variable (url) sent through the "POST" method is handled as follows:

1. Check whether a "POST" input variable named "url" exists.

2. If this input variable exists, sanitize it (delete invalid characters) and store it in the $url variable.

If the input variable is similar to the following: "http: // www. W3 non-o c character n/", the $ url variable after cleaning should be like this:

Filter multiple inputs

A form is usually composed of multiple input fields. To avoid repeated calls to filter_var or filter_input, we can use filter_var_array or the filter_input_array function.

In this example, we use the filter_input_array() function to filter three GET variables. The GET variables received are a name, an age, and an email address:

<?php
$filters = array(
    // Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    "name"  => array("filter" => FILTER_SANITIZE_STRING),
    "age"   => array(
        "filter"  => FILTER_VALIDATE_INT,
        "options" => array("min_range" => 1, "max_range" => 120)
    ),
    "email" => FILTER_VALIDATE_EMAIL,
);

$result = filter_input_array(INPUT_GET, $filters);
// Sample dump of $result:
// array(3) { ["name"]=> string(1) "1" ["age"]=> bool(false) ["email"]=> string(8) "" }

if (!$result["age"]) {
    echo("Age must be a number between 1 and 120.\n");
} elseif (!$result["email"]) {
    echo("E-Mail is not valid.\n");
} else {
    echo("User input is valid");
}
?>


In the above example, three input variables (name, age and email) sent through the "GET" method are handled as follows:

1. Set up an array containing the names of the input variables and the filter to use for each of them.

2. Call the filter_input_array() function. Its parameters are the GET input type and the array you just set up.

3. Check whether the "age" and "email" variables in the $result variable contain invalid input. (If illegal input exists ,)

The second parameter of the filter_input_array() function can be an array or the ID of a single filter.

If this parameter is the ID of a single filter, the specified filter filters all values in the input array.

If this parameter is an array, the array must follow the following rules:

• It must be an associative array whose keys are the names of the input variables (for example, the "age" input variable)

• The value of this array must be the ID of the filter, or an array that specifies the filter, flag, and options.
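An added example, not from the original article, showing how to tell a missing field (NULL) from an invalid one (FALSE) when several inputs are filtered at once. It runs filter_var_array() on a constructed array standing in for $_GET, and keeps the name raw so it can be escaped at output time, because FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; check_form is a hypothetical helper.

```php
<?php
// Added example (not from the original article).
// Constructed stand-in for $_GET; filter_input_array(INPUT_GET, $filters)
// applies the same definition array to the real request.
$query = [
    "name"  => "<b>Ann</b>",
    "age"   => "0",          // present but outside 1..120
    // "email" is deliberately missing
    "extra" => "not in the definition, so it is dropped from the result",
];

$filters = [
    "name"  => FILTER_UNSAFE_RAW, // keep the raw text; escape it when printing
    "age"   => [
        "filter"  => FILTER_VALIDATE_INT,
        "options" => ["min_range" => 1, "max_range" => 120],
    ],
    "email" => FILTER_VALIDATE_EMAIL,
];

/** Hypothetical helper: returns [filtered values, per-field error list]. */
function check_form(array $input, array $filters): array
{
    // Keys listed in $filters but absent from $input come back as NULL.
    $result = filter_var_array($input, $filters);
    $errors = [];
    foreach (array_keys($filters) as $field) {
        if ($result[$field] === null) {
            $errors[$field] = "missing";
        } elseif ($result[$field] === false) {
            $errors[$field] = "invalid";
        }
    }
    return [$result, $errors];
}

[$clean, $errors] = check_form($query, $filters);
var_dump($errors);

// Escape for the HTML context at output time instead of altering stored data.
echo htmlspecialchars($clean["name"], ENT_QUOTES, "UTF-8"), "\n";
```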

Use Filter Callback

By using the FILTER_CALLBACK filter, you can call a custom function and use it as a filter. In this way, we have full control over data filtering.

You can create your own custom functions or use existing PHP functions.

The function to use as the filter is specified in the same way as an option: in an array, under the "options" key.

In the following example, we use a custom function to convert all "_" to spaces:

<?php
// Custom filter function: replaces every "_" with a space.
function convertSpace($string)
{
    return str_replace("_", " ", $string);
}

$string = "Peter_is_a_great_guy!";

echo filter_var($string, FILTER_CALLBACK, array("options" => "convertSpace"));
?>

The result of the above code is as follows:

Peter is a great guy!


The preceding example converts all "_" into spaces:

1. Create a function that replaces "_" with spaces.

2. Call the filter_var() function. Its parameters are the FILTER_CALLBACK filter and the array containing our function.
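An added example, not from the original article: besides transforming a value, a FILTER_CALLBACK function can act as a validator by returning FALSE for anything outside an allowlist or a fixed pattern. The helper names allow_only and must_match, the field names and the request data are all hypothetical and constructed for illustration.

```php
<?php
// Added example (not from the original article). All names are hypothetical.

// Returns a callback that accepts only values from a fixed list.
function allow_only(array $allowed): callable
{
    return function (string $value) use ($allowed) {
        return in_array($value, $allowed, true) ? $value : false;
    };
}

// Returns a callback that accepts only strings that fully match $pattern.
function must_match(string $pattern): callable
{
    return function (string $value) use ($pattern) {
        return preg_match($pattern, $value) === 1 ? $value : false;
    };
}

$rules = [
    "sort"  => ["filter" => FILTER_CALLBACK,
                "options" => allow_only(["name", "created", "price"])],
    "order" => ["filter" => FILTER_CALLBACK,
                "options" => allow_only(["asc", "desc"])],
    // \A and \z anchor the whole string, so a trailing newline is rejected.
    "sku"   => ["filter" => FILTER_CALLBACK,
                "options" => must_match('/\A[A-Z]{3}-[0-9]{4}\z/')],
];

// Constructed request parameters: one acceptable set, one that must be rejected.
$requests = [
    ["sort" => "price", "order" => "desc", "sku" => "ABC-1234"],
    ["sort" => "password_hash", "order" => "up", "sku" => "ABC-1234\n"],
];

foreach ($requests as $params) {
    // Rejected fields come back as FALSE; accepted ones keep their value.
    var_dump(filter_var_array($params, $rules));
}
```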
