PHP Security Filtering and Example tutorial

PHP Security Filtering and Example tutorial
PHP filters are an extension of PHP that helps you to easily and reliably validate strings and variables so that you will never be afraid of the following statements:

<?php

Include ($_get[' filename ')]

?>

Even worse:

<?php

mysql_query ("INSERT into table (field) VALUES ({$_post[' value ']}");

?>

Variable Filter

By using filters to filter variables, you can use the Filter_var () function to try to verify whether a variable is an integer, such as:

$variable = 1122;

Eecho Filter_var ($variable, filter_validate_int);

Because the variable holds an integer, the code says 1122. If our variable value is "a344", nothing will be printed on the screen because the validation fails.

Okay, well, maybe you're saying it's just a fun trick, but there's more, let's see, when we want to make sure our variable is a plastic, it ranges from 5 to 10, what do we do:

<?php

$variable = 6;

$minimum _value = 5;

$minimum _value = 10;

Echo Filter_var ($variable, Filter_validate_int,array ("option" =>array ("Min_range" => $minimum _value, "Max_ Range "=> $maximum _value)));

?>

Thus, the variable must be within range-as the example above-the number 6 will be displayed on the screen.

PHP provides a really good way to detect floating-point values-the most useful thing for us is to check whether a value has two decimal points when building a shopping cart. For example, the following will show that "31.53" is a legitimate floating-point number.

<?php

$num = 31.53;

if (Filter_var ($num, filter_validate_float) ===false) {

echo $num. "is lawful";

}else{

Echo $num "is an illegal floating-point number";

}

Try verifying the format of a URL? You might need to look at the RFC1738 specification and then open your PHP text editor to write a class to validate it, which could take thousands of lines of code, right?

Well, in fact, PHP can automatically help you with URL filters:

<?php

$url = Http://www.somewebsite.domain;

if (Filter_var ($url, filter_validate_url) = = FALSE) {

echo $url. "Not a legitimate url<br/>";

}else{

echo $url. "is a lawful url<br/>";

}

Now, you might say, these things you say are useless to me: email verification, verification of it you must pass regular expressions, right? Wrong! PHP's filter_validate_email can make it very simple, even effortless:

<?php

$email = wxysky@somehost.com;

if (Filter_var ($email, filter_validate_email) = = False) {

echo $email. "Unlawful";

}else{

echo $email. "Lawful";

}

Now, do you think you can take the time to learn about it? E-mail verification is a big problem, especially for beginners, in my opinion, we should be happy to have them ...

But that's just not enough, so we're doing something else, like deleting HTML tags for strings, and how:

<?php

$string = "<p>text</p>";

Echo Filter_var ($string, filter_sanitize_string);

?>

In this way, we will get a "text" without a label;

Conclusion:

Here, we see a few examples of what a PHP filter can do, and of course the most important thing is to validate your code-as we all know, but actually doing something else. I just want to give you here, to write code to friends, whether you are a novice or an expert-a validated way to help you from the bad code to travel gradually into good code. Your code must be the best, you can do