In the past, the usual defense against SQL injection and similar vulnerabilities was to filter input data by hand. Using the $_GET/$_POST/$_COOKIE/$_SERVER and other global array variables directly is not safe, so from PHP 5.2.0 onward the filter family of functions was introduced to filter data that comes from outside the script. For example, to validate an email address submitted in a POST form, set the $filter parameter to FILTER_VALIDATE_EMAIL.
Function name: filter_input
Function: Gets a variable from outside the script and filters it. It is used to validate variables from insecure sources, such as user input.
Format: mixed filter_input ( int $type , string $variable [, int $filter = FILTER_DEFAULT [, mixed $options ]] )
Return value: On success, the filtered data is returned; FALSE if the filter fails, or NULL if the variable parameter is not set.
Parameter description:

| Parameter | Description |
|---|---|
| type | Required. Specifies the type of input: INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_ENV, INPUT_SERVER |
| variable | Required. Specifies the variable to filter. |
| filter | Optional. Specifies the ID of the filter to be used. The default is FILTER_DEFAULT. PHP manual: http://www.php.net/manual/zh/filter.filters.php |
| options | Optional. Specifies an array that contains flags/options. Check the possible flags and options for each filter. |
Example:

    <?php
    $_GET['search'] = 'foo'; // This has no effect on filter_input

    // Encode HTML special characters for output in the page body
    $search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
    // URL-encode the same value for use inside a query string
    $search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);
    echo "You have searched for $search_html.\n";
    echo "<a href='?search=$search_url'>Search again.</a>";

    // Sample code from the comments in the PHP manual
    // http://www.php.net/manual/zh/function.filter-input.php#99124
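
The three return values described above (filtered data, FALSE, NULL) have to be told apart with strict comparisons, because a valid value such as the integer 0 is falsy. The following is an added example, not code from the PHP manual or the original page; the helper read_field() and the field names are hypothetical, and a constructed array stands in for the POST body so the script runs from the command line.

```php
<?php
// Added example. Field names and read_field() are hypothetical.

// Returns [status, value]; status is 'ok', 'invalid' or 'missing'.
// With $source === null the real request is read via filter_input();
// otherwise the same filter is applied to a constructed array with filter_var().
function read_field(int $type, string $name, int $filter, array $options = [], ?array $source = null): array
{
    if ($source === null) {
        $value = filter_input($type, $name, $filter, $options);
    } else {
        $value = array_key_exists($name, $source)
            ? filter_var($source[$name], $filter, $options)
            : null;
    }
    // Strict comparisons: a valid integer 0 is falsy but is neither false nor null.
    if ($value === null) {
        return ['missing', null];
    }
    if ($value === false) {
        return ['invalid', null];
    }
    return ['ok', $value];
}

// Constructed sample standing in for a POST body.
$post = [
    'email'    => 'alice@example.com',
    'contact'  => 'not-an-email',
    'quantity' => '0',
];

// The $options array carries per-filter options, here an allowed integer range.
$range = ['options' => ['min_range' => 0, 'max_range' => 10]];
$checks = [
    ['email',    FILTER_VALIDATE_EMAIL, []],
    ['contact',  FILTER_VALIDATE_EMAIL, []],
    ['quantity', FILTER_VALIDATE_INT,   $range],
    ['coupon',   FILTER_VALIDATE_INT,   $range],   // not present in $post
];

foreach ($checks as [$name, $filter, $options]) {
    [$status, $value] = read_field(INPUT_POST, $name, $filter, $options, $post);
    printf("%-8s %-7s %s\n", $name, $status, var_export($value, true));
}
```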