PHP Security Filtering and Example tutorial

Source: Internet
Author: User
Tags html tags

PHP Security Filtering and Example tutorial
PHP filters are an extension of PHP that helps you to easily and reliably validate strings and variables so that you will never be afraid of the following statements:

<?php


Include ($_get[' filename ')]

?>

Even worse:

<?php


mysql_query ("INSERT into table (field) VALUES ({$_post[' value ']}");


?>


Variable Filter


By using filters to filter variables, you can use the Filter_var () function to try to verify whether a variable is an integer, such as:


$variable = 1122;


Eecho Filter_var ($variable, filter_validate_int);


Because the variable holds an integer, the code says 1122. If our variable value is "a344", nothing will be printed on the screen because the validation fails.


Okay, well, maybe you're saying it's just a fun trick, but there's more, let's see, when we want to make sure our variable is a plastic, it ranges from 5 to 10, what do we do:

<?php


$variable = 6;


$minimum _value = 5;


$minimum _value = 10;


Echo Filter_var ($variable, Filter_validate_int,array ("option" =>array ("Min_range" => $minimum _value, "Max_ Range "=> $maximum _value)));

?>


Thus, the variable must be within range-as the example above-the number 6 will be displayed on the screen.


PHP provides a really good way to detect floating-point values-the most useful thing for us is to check whether a value has two decimal points when building a shopping cart. For example, the following will show that "31.53" is a legitimate floating-point number.


<?php

$num = 31.53;

if (Filter_var ($num, filter_validate_float) ===false) {


echo $num. "is lawful";

}else{


Echo $num "is an illegal floating-point number";

}


Try verifying the format of a URL? You might need to look at the RFC1738 specification and then open your PHP text editor to write a class to validate it, which could take thousands of lines of code, right?


Well, in fact, PHP can automatically help you with URL filters:

<?php

$url = Http://www.somewebsite.domain;

if (Filter_var ($url, filter_validate_url) = = FALSE) {


echo $url. "Not a legitimate url<br/>";

}else{


echo $url. "is a lawful url<br/>";

}


Now, you might say, these things you say are useless to me: email verification, verification of it you must pass regular expressions, right? Wrong! PHP's filter_validate_email can make it very simple, even effortless:

<?php

$email = wxysky@somehost.com;

if (Filter_var ($email, filter_validate_email) = = False) {


echo $email. "Unlawful";

}else{


echo $email. "Lawful";

}


Now, do you think you can take the time to learn about it? E-mail verification is a big problem, especially for beginners, in my opinion, we should be happy to have them ...

But that's just not enough, so we're doing something else, like deleting HTML tags for strings, and how:

<?php

$string = "<p>text</p>";

Echo Filter_var ($string, filter_sanitize_string);

?>


In this way, we will get a "text" without a label;


Conclusion:

Here, we see a few examples of what a PHP filter can do, and of course the most important thing is to validate your code-as we all know, but actually doing something else. I just want to give you here, to write code to friends, whether you are a novice or an expert-a validated way to help you from the bad code to travel gradually into good code. Your code must be the best, you can do

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.