How to implement PHP filters (page 1/2) - PHP Tutorial

Source: Internet
Author: User
PHP filters are used to validate and filter data from non-secure sources, such as the user's input.
What is a PHP filter?
PHP filters are used to validate and filter data from non-secure sources.

Validating and filtering user input or custom data is an important part of any web application.

PHP's filter extension is designed to make data filtering easier and faster.
Why use filters?
Almost all web applications rely on external input. This data usually comes from users or other applications (such as web services). By using filters, you can ensure that your application receives the correct type of input.

You should always filter external data!

Input filtering is one of the most important application security issues.

What is external data?
Input data from the form
Cookies
Server variables
Database Query Results
Functions and filters
To filter variables, use one of the following filter functions:

filter_var() - Filters a single variable with a specified filter
filter_var_array() - Filters multiple variables with the same or different filters
filter_input() - Gets an input variable and filters it
filter_input_array() - Gets multiple input variables and filters them with the same or different filters
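In the following example, we use the filter_var() function to validate an integer:
<?php
$int = 123;

// FILTER_VALIDATE_INT returns the integer on success and false on failure.
// Compare with === false so that a valid 0 is not treated as a failure.
if (filter_var($int, FILTER_VALIDATE_INT) === false)
{
    echo("Integer is not valid");
}
else
{
    echo("Integer is valid");
}
?>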

The above code uses the FILTER_VALIDATE_INT filter to filter the variable. Since this integer is valid, the output of the code is: "Integer is valid".

If we try it with a variable that is not an integer, the output is: "Integer is not valid".

For a complete list of functions and filters, please visit our PHP Filter reference manual.
Validating and sanitizing
There are two types of filters:

Validating filters:
Used to validate user input
Strict format rules (e.g. URL or e-mail validation)
Return the expected type on success, or FALSE on failure
Sanitizing filters:
Used to allow or disallow specified characters in a string
No data format rules
Always return a string
Options and flags
Options and flags are used to add additional filtering options to the specified filter.

Different filters have different options and flags.

In the following example, we validate an integer with filter_var() and the "min_range" and "max_range" options:
<?php
$var = 300;

$int_options = array(
    "options" => array
    (
        "min_range" => 0,
        "max_range" => 256
    )
);

// Strict comparison: 0 is inside the range and must not count as a failure.
if (filter_var($var, FILTER_VALIDATE_INT, $int_options) === false)
{
    echo("Integer is not valid");
}
else
{
    echo("Integer is valid");
}
?>

As in the code above, options must be placed in an associative array under the key "options". Flags do not need to be inside that array.

Since the integer is "300", it is outside the specified range, so the output of the above code will be "Integer is not valid".

For a complete list of functions and filters, please visit the PHP Filter reference manual provided by W3school. You can see the options and flags available for each filter.
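
Why the result of filter_var() should be compared strictly rather than negated with "!": FILTER_VALIDATE_INT returns the integer itself on success, so a valid 0 is falsy. This is an added example, not code from the original page; validate_int_in_range() is a hypothetical helper name and the sample inputs are constructed.

```php
<?php
// Added example, not from the original page.
// validate_int_in_range() is a hypothetical helper name.
function validate_int_in_range($value, int $min, int $max): ?int
{
    return filter_var($value, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
        // With this flag a failed validation yields null instead of false.
        'flags'   => FILTER_NULL_ON_FAILURE,
    ]);
}

// Constructed sample inputs; form values arrive as strings.
$samples = ['0', '42', '256', '300', '-1', '12abc', ''];

foreach ($samples as $raw) {
    // Loose test: negating the result also rejects a valid 0.
    $loose = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 256],
    ]);
    $looseVerdict = !$loose ? 'rejected' : 'accepted';

    // Strict test: only the failure value (null here) is rejected.
    $strict = validate_int_in_range($raw, 0, 256);
    $strictVerdict = ($strict === null) ? 'rejected' : 'accepted';

    printf("%-8s loose: %-9s strict: %s\n",
        var_export($raw, true), $looseVerdict, $strictVerdict);
}
```

The two columns differ only for the input '0', which is inside the 0 to 256 range but is reported as rejected by the loose test.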
Validate input
Let's try to verify the input from the form.

The first thing we need to do is to confirm the existence of the input data we're looking for.

We then use the filter_input() function to filter the input data.

In the following example, the input variable "email" is sent to the PHP page:
<?php
// First make sure the "email" GET variable exists at all
if (!filter_has_var(INPUT_GET, "email"))
{
    echo("Input type does not exist");
}
else
{
    // filter_input() returns false when validation fails
    if (!filter_input(INPUT_GET, "email", FILTER_VALIDATE_EMAIL))
    {
        echo "e-mail is not valid";
    }
    else
    {
        echo "e-mail is valid";
    }
}
?>

Example Explanation:
The above example has an input variable (email) that is sent via the "GET" method:

Check whether an "email" input variable of type "GET" exists
If the input variable exists, check whether it is a valid e-mail address
Sanitize input
Let's try to sanitize a URL sent from a form.

First, we want to make sure we have the input data we're looking for.

We then use the filter_input() function to sanitize the input data.

In the following example, the input variable "url" is sent to the PHP page:
<?php
// First make sure the "url" POST variable exists at all
if (!filter_has_var(INPUT_POST, "url"))
{
    echo("Input type does not exist");
}
else
{
    // Remove characters that are not allowed in a URL
    $url = filter_input(INPUT_POST, "url", FILTER_SANITIZE_URL);
}
?>

Example Explanation:
The above example has an input variable (url) that is sent via the "POST" method:

Check whether a "url" input variable of type "POST" exists
If this input variable exists, it is sanitized (illegal characters are removed) and stored in the $url variable
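
FILTER_SANITIZE_URL only deletes characters that cannot appear in a URL; it does not check that what remains is a URL or that it uses an expected scheme. The following added example (not code from the original page) chains sanitizing, FILTER_VALIDATE_URL and a scheme allowlist; clean_http_url() is a hypothetical helper name and the sample inputs are constructed.

```php
<?php
// Added example, not from the original page.
// clean_http_url() is a hypothetical helper name.
function clean_http_url(string $raw): ?string
{
    // Step 1: sanitize. This only deletes characters outside the URL
    // character set (spaces, non-ASCII bytes, control characters).
    $sanitized = filter_var($raw, FILTER_SANITIZE_URL);
    if (!is_string($sanitized) || $sanitized === '') {
        return null;
    }

    // Step 2: validate the structure of what is left.
    if (filter_var($sanitized, FILTER_VALIDATE_URL) === false) {
        return null;
    }

    // Step 3: FILTER_VALIDATE_URL does not restrict the scheme,
    // so allow only the schemes the application expects.
    $scheme = strtolower((string) parse_url($sanitized, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }

    return $sanitized;
}

// Constructed sample inputs.
$samples = [
    'https://example.com/path?q=1',
    'http://exa mple.com/',
    'ftp://example.com/file.txt',
    'example.com',
    'just some text',
];

foreach ($samples as $raw) {
    $url = clean_http_url($raw);
    printf("%-32s => %s\n", var_export($raw, true),
        $url === null ? 'rejected' : 'accepted as ' . $url);
}
```
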
If the input variable is similar to: "http://www.w3#$%s^%$ #ool. com.cn/", then the sanitized $url variable should look like this:

http://www.W3School.com.cn/
Filtering multiple inputs
A form is typically composed of multiple input fields. To avoid repeated calls to filter_var() or filter_input(), we can use the filter_var_array() or filter_input_array() function.

In this example, we use the filter_input_array() function to filter three GET variables. The GET variables received are a name, an age, and an e-mail address:
<?php
$filters = array
(
    "name" => array
    (
        // Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1
        "filter" => FILTER_SANITIZE_STRING
    ),
    "age" => array
    (
        "filter" => FILTER_VALIDATE_INT,
        "options" => array
        (
            "min_range" => 1,
            "max_range" => 120
        )
    ),
    "email" => FILTER_VALIDATE_EMAIL,
);

$result = filter_input_array(INPUT_GET, $filters);

// A field is false when validation failed and null when it was not sent
if (!$result["age"])
{
    echo("Age must be a number between 1 and 120.\n");
}
elseif (!$result["email"])
{
    echo("e-mail is not valid.\n");
}
else
{
    echo("User input is valid");
}
?>

Example Explanation:
The above example has three input variables (name, age, and email) sent via the "GET" method.

Set up an array that contains the names of the input variables and the filters to apply to them
Call the filter_input_array() function with the GET input type and the array we just set up
Check whether the "age" and "email" variables in the $result variable have illegal input. (if there is an illegal input,)
The second parameter of the filter_input_array() function can be an array or the ID of a single filter.

If the parameter is the ID of a single filter, the specified filter is applied to all values in the input array.

If the parameter is an array, then this array must follow these rules:

It must be an associative array whose keys are the names of the input variables (e.g. the "age" input variable)
Each value of this array must be the ID of a filter, or an array that specifies the filter, flags, and options
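
filter_input_array() reads from the live request, so this added example (not part of the original page) uses filter_var_array(), which accepts the same filter definition, on constructed arrays to tell a missing field (null) from an invalid one (false). check_fields() is a hypothetical helper name, and FILTER_SANITIZE_FULL_SPECIAL_CHARS is swapped in for FILTER_SANITIZE_STRING, which is deprecated as of PHP 8.1.

```php
<?php
// Added example, not from the original page.
// check_fields() is a hypothetical helper name.
function check_fields(array $input): array
{
    $definition = [
        'name'  => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
        'age'   => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 1, 'max_range' => 120],
        ],
        'email' => FILTER_VALIDATE_EMAIL,
    ];

    // Keys absent from $input are added to the result as null.
    $result = filter_var_array($input, $definition);

    $errors = [];
    foreach (array_keys($definition) as $field) {
        if ($result[$field] === null) {
            $errors[$field] = 'missing';   // field was not sent
        } elseif ($result[$field] === false) {
            $errors[$field] = 'invalid';   // field failed its filter
        }
    }
    return ['values' => $result, 'errors' => $errors];
}

// Constructed stand-ins for $_GET.
$requests = [
    ['name' => 'Peter', 'age' => '35',   'email' => 'peter@example.com'],
    ['name' => 'Peter', 'age' => '130',  'email' => 'not-an-address'],
    ['name' => 'Peter',                  'email' => 'peter@example.com'],
    // age[]=35 in a query string arrives as an array, not a scalar.
    ['name' => 'Peter', 'age' => ['35'], 'email' => 'peter@example.com'],
];

foreach ($requests as $i => $request) {
    $checked = check_fields($request);
    printf("request %d errors: %s\n", $i, json_encode($checked['errors']));
}
```
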
Using the Filter Callback
By using the FILTER_CALLBACK filter, you can invoke a custom function and use it as a filter. In this way, we have full control over the data filtering.

You can create your own custom functions, or you can use existing PHP functions.

The function to use as the filter is specified in the same way an option is specified.

In the following example, we use a custom function to convert all "_" to spaces:
<?php
// Custom filter: replace every underscore with a space
function convertSpace($string)
{
    return str_replace("_", " ", $string);
}

$string = "Peter_is_a_great_guy!";

// The callback is passed by name under the "options" key
echo filter_var($string, FILTER_CALLBACK,
    array("options" => "convertSpace"));
?>

The result of the above code is this:

Peter is a great guy!
Example Explanation:
The above example converts all "_" into spaces:

Create a function that replaces "_" with a space
Call the filter_var() function, whose arguments are the FILTER_CALLBACK filter and the array that contains our function
