In this section, let's look at a less common but powerful PHP feature: FILTERS, which can be used to verify (validation) and error correction (sanitization)
When the data source contains unknown or indeterminate data, it becomes very useful to process data submitted by the customer from an HTML form (form).
The extension contains two main filter types: validation (validation) and error correction (sanitization)
Validation (validation) is primarily used to check whether the data meets certain criteria, such as when an filter_validate_email is passed in, it checks that the email address is valid and does not perform error correction when it finds a non-conforming specification
Error correction (sanitization) will process the data, convert or remove non-conforming characters, for example: When the Filter_sanitize_email is passed in, it will handle the non-conforming characters of the e-mail address, but will not check if the e-mail address is valid
Detail visible: http://in.php.net/manual/en/book.filter.php
Hint: FILTER is added in PHP 5.2
Here is an introduction to authentication (validation) Filters
Copy CodeThe code is as follows: Filter_validate_boolean: Validates the value as a Boolean option, returns True for "1", "true", "on" and "Yes", and returns FALSE for the rest
Filter_validate_email: Verify the value as an e-mail address
Filter_validate_float: Verify the value as a floating-point number
Filter_validate_int: Validating values with integers, you can select ranges
FILTER_VALIDATE_IP: Verify the value as IP
Filter_validate_regexp: Validating values based on Perl-compatible regular expressions
Filter_validate_url: Validating the value as a URL
Example:
Verify Email Address:
Copy CodeThe code is as follows:
<?php
$email _a = ' onedayin2013@shawn.com ';
$email _b = ' invalid@email ';
if (Filter_var ($email _a, filter_validate_email)) {
echo "This ($email _a) e-mail address is valid.";
} else {
echo "This ($email _a) e-mail address is invalid.";
}
if (Filter_var ($email _b, filter_validate_email)) {
echo "This ($email _b) e-mail address is valid.";
} else {
echo "This ($email _b) e-mail address is invalid.";
}
Output the following:
This (onedayin2013@shawn.com) e-mail address is valid.
This (invalid@email) e-mail address is invalid.
?>
Verify IP Address:
Copy CodeThe code is as follows: <?php
$ip _a = ' 127.0.0.1 ';
$ip _b = ' 52.69 ';
if (Filter_var ($ip _a, filter_validate_ip)) {
echo "This ($ip _a) IP address is valid.";
}else{
echo "This ($ip _a) IP address is invalid.";
}
if (Filter_var ($ip _b, filter_validate_ip)) {
echo "This ($ip _b) IP address is valid.";
}else{
echo "This ($ip _b) IP address is invalid.";
}
Output the following:
This (127.0.0.1) IP address is valid.
This (52.69) IP address is invalid.
?>
Error Correction (sanitization) Filters
Copy the code code as follows: Filter_sanitize_email: Remove all characters except letters, numbers and!#$%& ' *+-/ =?^_`{|} ~@. [].
Filter_sanitize_encoded: Removes characters that are not required for URL encoding, similar to the UrlEncode () function
Filter_sanitize_magic_quotes: Adds a backslash before the specified pre-defined character. Single quotation marks ('), double quotation marks ("), backslashes (\), and NULL
Filter_sanitize_number_float: Remove all characters except numbers, +-and optional (.,)
Filter_sanitize_number_int: Remove all characters except numbers and +-
Filter_sanitize_special_chars: Used to escape <>& and ASCII values below 32 values
Filter_sanitize_ STRING: Removes data that is potentially harmful to the application. It is used to remove tags and remove or encode unwanted characters
filter_sanitize_stripped: Remove or encode unwanted characters, filter_sanitize_string aliases
Filter_sanitize_url : Remove all characters except letters, numbers and $-_.+!* ' (), {}|\\^~[] ' <>#% ';/?:@&=.
Filter_unsafe_raw: Do not filter, remove or encode special characters
Example:
Copy the Code code as follows: <?php
$invalid _email = "(Corrupted@foo dot com)";
if (!filter_var ($invalid _email, filter_validate_email)) {
$sanitized _email = Filter_var ($invalid _email, filter_sanitize_email);
echo "This ($invalid _email) e-mail address is invalid.";
echo "sanitized Email is: $sanitized _email";
}
Output the following:
This (corrupted@foo dot com) e-mail address is invalid.
Sanitized Email is:corrupted@foo.com
?>
Filtering GET and POST variables
Copy the Code code as follows: Filter_input (input_type, variable, filter, options)
The function takes input from outside the script to validate variables from non-secure sources, such as the user's input
Input can be obtained from the following sources
Input_get input_post Input_cookie input_env input_server
Copy the Code code as follows: input_type Specifies the type of input, see Possible types above
Variable specify the variables to filter
Filter is optional. Specifies the ID of the filter to be used. The default is filter_sanitize_string.
Example:
Copy the Code code as follows: <?php
$search _html = filter_input (input_get, ' Search ', filter_sanitize_special_chars);
$search _url = filter_input (input_get, ' Search ', filter_sanitize_encoded);
echo "You had searched for $search _html.";
echo "Search again.";
?>
http://www.bkjia.com/PHPjc/824815.html www.bkjia.com true http://www.bkjia.com/PHPjc/824815.html techarticle in this section, let's look at a less common but powerful PHP feature: FILTERS, which can be used to verify (validation) and error correction (sanitization) when the data source contains unknown ...