PHP filter implementation code | PHP Tutorial

Source: Internet
Author: User
PHP filter implementation code. In the past, users obtained information through the network; today's web is far more interactive. Users are no longer just site viewers but also the creators of website content. The web has evolved from simple "reading" to "writing" and "co-creation", and users have moved from passively receiving information to actively contributing it. The security issues that follow have become a problem that web developers cannot ignore: verifying data from third-party sources has become an essential feature of every web program.

In the past, PHP had no built-in data verification, so programmers generally implemented it themselves with regular expressions. From PHP 5.2 the filter functions that originally lived in PECL were moved into the built-in library, and they have been enhanced considerably. These functions let us filter and verify data.

Data source and verification type
The data sources in PHP fall into two groups: external variables (such as POST, GET, and COOKIE) and data generated inside the page. PHP defines the filter_input* and filter_var* families of functions for these two kinds of data. The verification methods are likewise divided into Validating and Sanitizing. Validating checks the data and returns either the validated value or false. Sanitizing removes or encodes specific characters according to rules and returns the processed string.

Simple usage
For example, to check whether a string is an integer, in the past we would use a regular expression or the is_numeric function:

The code is as follows:

```php
$str = '51ab';
preg_match('/^[0-9]*$/', $str);   // regular-expression check
is_numeric($str);                  // is_numeric() also accepts floats and exponents, so it is not an integer check
```


The new verification function can be used as follows:

```php
$str = '51ab';
echo filter_var($str, FILTER_VALIDATE_INT) ? 'is valid' : 'is not valid';
```

FILTER_VALIDATE_INT is a filter defined by PHP that checks whether $str is an integer. It is in fact a numeric constant: `echo FILTER_VALIDATE_INT;` prints 257. So we can also write:

```php
$str = '51ab';
echo filter_var($str, 257) ? 'is valid' : 'is not valid';
```

PHP defines a large number of commonly used filters. We can use filter_list() to obtain the names of all supported filters (as strings), and then filter_id(string) to obtain the numeric value of each:

```php
print_r(filter_list());   // all supported filter names
echo '=====';
echo filter_id('int');    // 'int' is one of the names returned by filter_list()
```

The output is:

```
Array ( [0] => int [1] => boolean [2] => float [3] => validate_regexp )
=====
257
```

Sanitizing filter
The examples above verify that data has the correct format. Sometimes it is just as important to strip out irrelevant content. SANITIZE filters provide this, for example removing unwanted characters from an e-mail address:

```php
$email = '<script>alert("test");</script>xxx@caixw.com';
echo $email;                                     // output as-is: in a browser the script would run
echo filter_var($email, FILTER_SANITIZE_EMAIL);  // strips < > and the other disallowed characters;
                                                 // prints scriptalerttestscriptxxx@caixw.com
```

Options and flags
filter_var can do more than this. You can also pass a third parameter carrying special options, for example a maximum value for an integer:

The code is as follows:

```php
$options = array(
    'options' => array('max_range' => 50),
    'flags'   => FILTER_FLAG_ALLOW_OCTAL,
);
$str = '51';
echo filter_var($str, FILTER_VALIDATE_INT, $options) ? 'is valid' : 'is not valid';
```


The example above prints "is not valid": max_range specifies that the maximum value is 50. FILTER_FLAG_ALLOW_OCTAL means that octal data, that is, data starting with 0, is also accepted.

The $options parameter is an array with two elements, options and flags. If only flags are needed, they can be passed directly as an integer instead of an array.
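An added example, not from the original tutorial, that exercises the options and flags just described and shows why the `filter_var(...) ? 'is valid' : 'is not valid'` idiom used above misreports the integer 0 (the helper name validate_int is my own):

```php
<?php
// Added example (not from the tutorial): what FILTER_VALIDATE_INT returns, and why
// the result must be compared with === false rather than tested for truthiness.
function validate_int($value, array $options = array(), $flags = 0)
{
    // Returns the converted int on success and false on failure. "0" validates
    // as int 0, which is falsy, so `filter_var(...) ? 'valid' : 'invalid'`
    // would wrongly report a legitimate zero as invalid.
    return filter_var($value, FILTER_VALIDATE_INT,
        array('options' => $options, 'flags' => $flags));
}

$cases = array(
    // input, options, flags
    array('0',     array(),                   0),
    array('51',    array('max_range' => 50),  0),                        // above max_range
    array(' 42 ',  array(),                   0),                        // surrounding whitespace is trimmed
    array('051',   array(),                   0),                        // leading zero rejected without a flag
    array('051',   array(),                   FILTER_FLAG_ALLOW_OCTAL),  // octal 051 = 41
    array('0x2A',  array(),                   FILTER_FLAG_ALLOW_HEX),    // hex 0x2A = 42
    array('4.0',   array(),                   0),                        // not an integer literal
    array('99999999999999999999', array(),    0),                        // exceeds PHP_INT_MAX
    array('abc',   array('default' => -1),    0),                        // 'default' replaces false with -1
);
foreach ($cases as $case) {
    list($input, $options, $flags) = $case;
    $r = validate_int($input, $options, $flags);
    printf("%-24s => %s\n", var_export($input, true),
        $r === false ? 'rejected' : var_export($r, true));
}

// FILTER_VALIDATE_BOOLEAN has the mirror-image problem: "off" validates as
// bool false. Only FILTER_NULL_ON_FAILURE tells "invalid" apart from "false".
// Flags alone can be passed directly as the third argument, without an array.
foreach (array('yes', 'off', '', 'maybe') as $b) {
    $r = filter_var($b, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    printf("%-8s => %s\n", var_export($b, true),
        $r === null ? 'not a boolean' : var_export($r, true));
}
```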

Verify external data
Apart from data generated by the PHP script itself, most data comes from user submissions. We can of course filter it directly with filter_var:

The code is as follows:

```php
if (isset($_GET['age'])) {
    echo filter_var($_GET['age'], FILTER_VALIDATE_INT) ? 'is valid' : 'is not valid';
}
```


However, PHP also provides dedicated functions for verifying data from external sources:

The code is as follows:

```php
if (filter_has_var(INPUT_GET, 'age')) {
    echo filter_input(INPUT_GET, 'age', FILTER_VALIDATE_INT) ? 'is valid' : 'is not valid';
}
```


Compared with filter_var, filter_input takes one extra parameter (the first one) that specifies the data source. filter_has_var() checks whether the named variable exists in that source.

Filter multiple data at a time
PHP also provides the filter_var_array and filter_input_array functions for verifying several values at once.

The following example, taken from php.net, shows how to use filter_var_array.

The code is as follows:

```php
$data = array(
    'product_id' => 'libgd<script>',
    'component'  => '10',
    'version'    => '2.0.33',
    'testscalar' => array('2', '23', '10', '12'),
    'testarray'  => '2',
);

$args = array(
    'product_id'   => FILTER_SANITIZE_ENCODED,
    'component'    => array('filter'  => FILTER_VALIDATE_INT,
                            'flags'   => FILTER_FORCE_ARRAY,
                            'options' => array('min_range' => 1, 'max_range' => 10)
                      ),
    'version'      => FILTER_SANITIZE_ENCODED,
    'doesnotexist' => FILTER_VALIDATE_INT,   // absent from $data, so the result is null
    'testscalar'   => array(
                          'filter' => FILTER_VALIDATE_INT,
                          'flags'  => FILTER_REQUIRE_SCALAR,   // an array here yields false
                      ),
    'testarray'    => array(
                          'filter' => FILTER_VALIDATE_INT,
                          'flags'  => FILTER_FORCE_ARRAY,      // a scalar here is wrapped in an array
                      )
);
$myinputs = filter_var_array($data, $args);
var_dump($myinputs);
```
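An added example, not from the tutorial or php.net, that puts the "Verify external data" and "Filter multiple data at a time" sections together: a whole query string validated in one call, with the result checked the way a request handler should check it. $request is a constructed stand-in for $_GET so the script runs offline, and classify is my own helper name.

```php
<?php
// Added example (not from the tutorial or php.net): validating a whole query
// string at once. $request is a constructed stand-in for $_GET so the script
// runs offline; with a live request use filter_input_array(INPUT_GET, $definition).
$request = array(
    'page'  => '0',                   // valid, but int 0 is falsy: see the === checks below
    'per'   => '500',                 // out of range
    'sort'  => 'name; drop',          // not one of the allowed sort keys
    'ids'   => array('7', '8', 'x'),  // one bad element
    'debug' => 'yes',
    // 'q' is deliberately absent
);

$definition = array(
    'page'  => array('filter'  => FILTER_VALIDATE_INT,
                     'options' => array('min_range' => 0, 'default' => 0)),
    'per'   => array('filter'  => FILTER_VALIDATE_INT,
                     'options' => array('min_range' => 1, 'max_range' => 100)),
    'sort'  => array('filter'  => FILTER_VALIDATE_REGEXP,
                     'options' => array('regexp' => '/^(name|date|size)$/')),
    'ids'   => array('filter'  => FILTER_VALIDATE_INT,
                     'flags'   => FILTER_REQUIRE_ARRAY,   // a scalar here is rejected
                     'options' => array('min_range' => 1)),
    'debug' => FILTER_VALIDATE_BOOLEAN,
    'q'     => FILTER_SANITIZE_SPECIAL_CHARS,
);

// Result semantics: a key missing from the input is null, a key that failed
// validation is false, and an array field is validated element by element.
function classify(array $clean)
{
    $report = array();
    foreach ($clean as $key => $value) {
        if ($value === null) {
            $report[$key] = 'missing';
        } elseif ($value === false) {
            $report[$key] = 'rejected';
        } elseif (is_array($value)) {
            $report[$key] = json_encode($value);      // ids => [7,8,false]
        } else {
            $report[$key] = var_export($value, true); // page => 0, debug => true
        }
    }
    return $report;
}

print_r(classify(filter_var_array($request, $definition)));
// Act on the request only when every field you depend on is neither null nor
// false; with the default $add_empty = true every defined key is present.
```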


Custom filter
You can supply your own filter by passing the special filter FILTER_CALLBACK. The following filter replaces the @ in an e-mail address with #.

The code is as follows:

```php
function fun($value)
{
    return strtr($value, '@', '#');
}
$var = filter_var('abc@caixw.com', FILTER_CALLBACK, array('options' => 'fun'));
echo $var;   // abc#caixw.com
```
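An added example, not from the original tutorial, showing FILTER_CALLBACK used to validate rather than just rewrite: the callback returns false to reject a value, the same contract the built-in validating filters follow. The function iso_date and the closure $lower_email are my own names.

```php
<?php
// Added example (not from the tutorial): FILTER_CALLBACK used for validation.
// The callback receives the value as a string and returns the cleaned value,
// or false to signal failure, just like the built-in validating filters.
function iso_date($value)
{
    if (!preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $value, $m)) {
        return false;                                   // wrong shape, e.g. 29/02/2024
    }
    // The shape alone is not enough: reject impossible dates with checkdate().
    return checkdate((int) $m[2], (int) $m[3], (int) $m[1]) ? $value : false;
}

// Since PHP 5.3 the option may also be a closure, which lets a custom filter
// compose a built-in one: validate the address first, then normalize it.
$lower_email = function ($value) {
    $ok = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $ok === false ? false : strtolower($ok);
};

foreach (array('2024-02-29', '2023-02-30', '29/02/2024') as $d) {
    $r = filter_var($d, FILTER_CALLBACK, array('options' => 'iso_date'));
    printf("%-16s => %s\n", $d, $r === false ? 'rejected' : $r);
}
foreach (array('Abc@CaixW.com', 'not an address') as $e) {
    $r = filter_var($e, FILTER_CALLBACK, array('options' => $lower_email));
    printf("%-16s => %s\n", $e, $r === false ? 'rejected' : $r);
}
```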


Others

Validating filters

| ID (filter constant) | Name (as returned by filter_list()) | Available options | Flags | Description |
|---|---|---|---|---|
| FILTER_VALIDATE_BOOLEAN | "boolean" | | FILTER_NULL_ON_FAILURE | Returns true for "1", "true", "on" and "yes", otherwise false. If FILTER_NULL_ON_FAILURE is set, false is returned only for "0", "false", "off", "no" and "", and every other non-true value returns null. |
| FILTER_VALIDATE_EMAIL | "validate_email" | | | Validates an e-mail address |
| FILTER_VALIDATE_FLOAT | "float" | decimal | FILTER_FLAG_ALLOW_THOUSAND | Validates a floating-point number |
| FILTER_VALIDATE_INT | "int" | min_range, max_range | FILTER_FLAG_ALLOW_OCTAL, FILTER_FLAG_ALLOW_HEX | Validates an integer, optionally within a given range |
| FILTER_VALIDATE_IP | "validate_ip" | | FILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE | Validates an IP address |
| FILTER_VALIDATE_REGEXP | "validate_regexp" | regexp | | Validates against a regular expression |
| FILTER_VALIDATE_URL | "validate_url" | | FILTER_FLAG_PATH_REQUIRED, FILTER_FLAG_QUERY_REQUIRED | Validates a URL |

Sanitizing filters

| ID (filter constant) | Name (as returned by filter_list()) | Available options | Flags | Description |
|---|---|---|---|---|
| FILTER_SANITIZE_EMAIL | "email" | | | Removes all characters except letters, digits and !#$%&'*+-=?^_`{\|}~@.[] |
| FILTER_SANITIZE_ENCODED | "encoded" | | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH | URL-encodes the string; optionally strips or encodes the specified characters |
| FILTER_SANITIZE_MAGIC_QUOTES | "magic_quotes" | | | Applies the addslashes() function |
| FILTER_SANITIZE_NUMBER_FLOAT | "number_float" | | FILTER_FLAG_ALLOW_FRACTION, FILTER_FLAG_ALLOW_THOUSAND, FILTER_FLAG_ALLOW_SCIENTIFIC | Removes all characters except digits, + and -, and optionally . , e E |
| FILTER_SANITIZE_NUMBER_INT | "number_int" | | | Removes all characters except digits and + - |
| FILTER_SANITIZE_SPECIAL_CHARS | "special_chars" | | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_HIGH | HTML-escapes ' " & < >, characters with an ASCII value below 32, and any other specified characters |
| FILTER_SANITIZE_STRING | "string" | | FILTER_FLAG_NO_ENCODE_QUOTES, FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP | Strips tags; optionally strips or encodes the specified characters |
| FILTER_SANITIZE_STRIPPED | "stripped" | | | Alias of the "string" filter |
| FILTER_SANITIZE_URL | "url" | | | Removes all characters except letters, digits and $-_.+!*'(),{}\|\^~[]`<>#%";/?:@&= |
| FILTER_UNSAFE_RAW | "unsafe_raw" | | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP | Does nothing by itself; optionally strips or encodes the specified characters |
| FILTER_CALLBACK | "callback" | | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP | Custom filter |

Flags

| ID | Applicable filters | Description |
|---|---|---|
| FILTER_FLAG_STRIP_LOW | FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW | Strips characters with an ASCII value below 32 |
| FILTER_FLAG_STRIP_HIGH | FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW | Strips characters with an ASCII value above 127 |
| FILTER_FLAG_ALLOW_FRACTION | FILTER_SANITIZE_NUMBER_FLOAT | Allows the decimal separator (.) |
| FILTER_FLAG_ALLOW_THOUSAND | FILTER_SANITIZE_NUMBER_FLOAT, FILTER_VALIDATE_FLOAT | Allows the thousands separator (,) |
| FILTER_FLAG_ALLOW_SCIENTIFIC | FILTER_SANITIZE_NUMBER_FLOAT | Allows scientific notation (e or E) |
| FILTER_FLAG_NO_ENCODE_QUOTES | FILTER_SANITIZE_STRING | Does not encode single or double quotation marks |
| FILTER_FLAG_ENCODE_LOW | FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW | Encodes characters with an ASCII value below 32 |
| FILTER_FLAG_ENCODE_HIGH | FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW | Encodes characters with an ASCII value above 127 |
| FILTER_FLAG_ENCODE_AMP | FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW | Encodes the & character |
| FILTER_NULL_ON_FAILURE | FILTER_VALIDATE_BOOLEAN | Returns null when the value is none of the recognised strings (yes, no, true, false, on, off) |
| FILTER_FLAG_ALLOW_OCTAL | FILTER_VALIDATE_INT | Allows octal values (starting with 0) |
| FILTER_FLAG_ALLOW_HEX | FILTER_VALIDATE_INT | Allows hexadecimal values (starting with 0x or 0X) |
| FILTER_FLAG_IPV4 | FILTER_VALIDATE_IP | Requires an IPv4 address |
| FILTER_FLAG_IPV6 | FILTER_VALIDATE_IP | Requires an IPv6 address |
| FILTER_FLAG_NO_PRIV_RANGE | FILTER_VALIDATE_IP | Rejects the private ranges defined by RFC: for IPv4 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16; for IPv6, addresses starting with FD or FC |
| FILTER_FLAG_NO_RES_RANGE | FILTER_VALIDATE_IP | Rejects reserved ranges: for IPv4 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24 and 224.0.0.0/4. Not applicable to IPv6 |
| FILTER_FLAG_PATH_REQUIRED | FILTER_VALIDATE_URL | Requires the URL to contain a path |
| FILTER_FLAG_QUERY_REQUIRED | FILTER_VALIDATE_URL | Requires the URL to contain a query string |
