In this section, let's look at a less common but powerful PHP feature: filters, which can be used for validation and sanitization.
Filters are useful when a data source contains unknown or untrusted data, most of all when processing data submitted by the client from an HTML form.
The extension provides two main filter types: validation and sanitization.
Validation checks whether the data meets certain criteria. For example, when FILTER_VALIDATE_EMAIL is passed in, it checks that the email address is valid; it does not correct the value when it is found not to conform.
Sanitization processes the data and converts or removes characters that do not conform. For example, when FILTER_SANITIZE_EMAIL is passed in, it removes characters that are not allowed in an email address, but it does not check that the address is valid.
Details: http://in.php.net/manual/en/book.filter.php
Note: filters were added in PHP 5.2.
Here is an introduction to the validation filters:
FILTER_VALIDATE_BOOLEAN: Validates the value as a Boolean option; returns TRUE for "1", "true", "on" and "yes", and FALSE for everything else
FILTER_VALIDATE_EMAIL: Validates the value as an email address
FILTER_VALIDATE_FLOAT: Validates the value as a floating-point number
FILTER_VALIDATE_INT: Validates the value as an integer, optionally within a range
FILTER_VALIDATE_IP: Validates the value as an IP address
FILTER_VALIDATE_REGEXP: Validates the value against a Perl-compatible regular expression
FILTER_VALIDATE_URL: Validates the value as a URL
Example:
Verify Email Address:
<?php
$email_a = 'onedayin2013@shawn.com';
$email_b = 'invalid@email';
// filter_var() returns the filtered value on success and false on failure.
if (filter_var($email_a, FILTER_VALIDATE_EMAIL)) {
    echo "This ($email_a) e-mail address is valid.\n";
} else {
    echo "This ($email_a) e-mail address is invalid.\n";
}
if (filter_var($email_b, FILTER_VALIDATE_EMAIL)) {
    echo "This ($email_b) e-mail address is valid.\n";
} else {
    echo "This ($email_b) e-mail address is invalid.\n";
}
?>
Output:
This (onedayin2013@shawn.com) e-mail address is valid.
This (invalid@email) e-mail address is invalid.
Verify IP Address:
<?php
$ip_a = '127.0.0.1';
$ip_b = '52.69';
// Without flags, FILTER_VALIDATE_IP only checks that the value is a well-formed address.
if (filter_var($ip_a, FILTER_VALIDATE_IP)) {
    echo "This ($ip_a) IP address is valid.\n";
} else {
    echo "This ($ip_a) IP address is invalid.\n";
}
if (filter_var($ip_b, FILTER_VALIDATE_IP)) {
    echo "This ($ip_b) IP address is valid.\n";
} else {
    echo "This ($ip_b) IP address is invalid.\n";
}
?>
Output:
This (127.0.0.1) IP address is valid.
This (52.69) IP address is invalid.
Sanitization filters
FILTER_SANITIZE_EMAIL: Removes all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[]
FILTER_SANITIZE_ENCODED: Removes characters that are not required by URL encoding, similar to the urlencode() function
FILTER_SANITIZE_MAGIC_QUOTES: Adds a backslash before the predefined characters: single quotation mark ('), double quotation mark ("), backslash (\), and NULL
FILTER_SANITIZE_NUMBER_FLOAT: Removes all characters except digits, + and -, and optionally . and ,
FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits, + and -
FILTER_SANITIZE_SPECIAL_CHARS: Escapes "<>& and characters with an ASCII value below 32
FILTER_SANITIZE_STRING: Deletes data that is potentially harmful to your application. It is used to remove tags and to remove or encode unwanted characters
FILTER_SANITIZE_STRIPPED: Removes or encodes unwanted characters; it is an alias of FILTER_SANITIZE_STRING
FILTER_SANITIZE_URL: Removes all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";
FILTER_UNSAFE_RAW: No filtering, removal or encoding of special characters
Example:
<?php
$invalid_email = "(corrupted@foo dot com)";
if (!filter_var($invalid_email, FILTER_VALIDATE_EMAIL)) {
    // Sanitization strips the parentheses and spaces; it does not check or repair the address.
    $sanitized_email = filter_var($invalid_email, FILTER_SANITIZE_EMAIL);
    echo "This ($invalid_email) e-mail address is invalid.\n";
    echo "Sanitized Email is: $sanitized_email\n";
}
?>
Output:
This ((corrupted@foo dot com)) e-mail address is invalid.
Sanitized Email is: corrupted@foodotcom
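Sanitization strips characters but does not make a value valid, so the sanitized result should be validated again before it is used. The following is an added example, not code from the original page; normalize_email() is a hypothetical helper name and the sample inputs are constructed.

```php
<?php
// Added example; normalize_email() is a hypothetical helper name.
function normalize_email(string $raw): array
{
    // Sanitization only strips disallowed characters.
    $sanitized = filter_var($raw, FILTER_SANITIZE_EMAIL);
    // Validate the sanitized value: stripping does not make it well-formed.
    $valid = filter_var($sanitized, FILTER_VALIDATE_EMAIL);
    return [
        'email'   => $valid === false ? null : $valid,
        // True when the accepted address differs from what was submitted.
        'altered' => $valid !== false && $valid !== $raw,
    ];
}

// Constructed sample inputs.
$samples = [
    '(corrupted@foo dot com)',   // parentheses and spaces
    ' onedayin2013@shawn.com ',  // stray whitespace around a good address
    'one(day)in2013@shawn.com',  // stripping yields a different mailbox
];
foreach ($samples as $raw) {
    $r = normalize_email($raw);
    if ($r['email'] === null) {
        echo "reject: '$raw'\n";
    } elseif ($r['altered']) {
        // For identity fields, ask the user to confirm rather than accept silently.
        echo "confirm: '$raw' became '{$r['email']}'\n";
    } else {
        echo "accept: '{$r['email']}'\n";
    }
}
```

The 'altered' flag matters wherever the address identifies an account: a sanitized value that validates may still name a different mailbox than the one the user typed.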
Filtering GET and POST variables
filter_input(input_type, variable, filter, options)
This function obtains input from outside the script and is used to validate variables from insecure sources, such as user input.
Input can be obtained from the following sources:
INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_ENV, INPUT_SERVER
input_type: Specifies the type of input; see the possible types above
variable: Specifies the variable to be filtered
filter: Optional. Specifies the ID of the filter to use. The default is FILTER_SANITIZE_STRING.
Example:
<?php
// The same input is sanitized twice, once for each output context.
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS); // for HTML text
$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);        // for a URL parameter
echo "You have searched for $search_html.";
echo "<a href=\"sunzhenghua.com?search=$search_url\">Search again.</a>";
?>
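The validation filters listed earlier accept options and flags, and a whole form can be checked in one call. The following is an added example, not code from the original page: it runs filter_var_array() over a constructed submission, and on a live request the same rule set can be passed to filter_input_array(INPUT_POST, ...). The function name validate_signup(), the field names and the limits are assumptions made for the example.

```php
<?php
// Added example. Field names, limits and the sample data are assumptions.
function validate_signup(array $submitted): array
{
    $rules = [
        'age' => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 18, 'max_range' => 120],
        ],
        'email' => FILTER_VALIDATE_EMAIL,
        'newsletter' => [
            'filter' => FILTER_VALIDATE_BOOLEAN,
            // Return null for unrecognised values so they differ from "no".
            'flags'  => FILTER_NULL_ON_FAILURE,
        ],
        'client_ip' => [
            'filter' => FILTER_VALIDATE_IP,
            // Reject private and reserved ranges (loopback is reserved).
            'flags'  => FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE,
        ],
        'username' => [
            'filter'  => FILTER_VALIDATE_REGEXP,
            // \z anchors at the very end, so a trailing newline is not accepted.
            'options' => ['regexp' => '/^[a-z0-9_]{3,16}\z/'],
        ],
    ];
    // On a live request: filter_input_array(INPUT_POST, $rules)
    $clean = filter_var_array($submitted, $rules);

    $errors = [];
    foreach ($rules as $field => $rule) {
        $isBool = is_array($rule) && $rule['filter'] === FILTER_VALIDATE_BOOLEAN;
        // Validators return false on failure; a missing field is null.
        // For the boolean rule false is a legitimate answer and null is the failure.
        if ($clean[$field] === null || ($clean[$field] === false && !$isBool)) {
            $errors[] = $field;
        }
    }
    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed sample submission standing in for $_POST.
$result = validate_signup([
    'age' => '42', 'email' => 'onedayin2013@shawn.com', 'newsletter' => 'maybe',
    'client_ip' => '127.0.0.1', 'username' => 'shawn<script>',
]);
var_dump($result['clean']);
echo 'Rejected fields: ', implode(', ', $result['errors']), "\n";
```

Compare results with === rather than a truthiness test: a validated integer 0 or Boolean false is a legitimate value, not a failure.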