Use filters in PHP for data security filtering

Source: Internet
Author: User

Security is an eternal topic. Every PHP developer inevitably has to validate and filter data. Anyone with a little PHP experience can write the common validation routines; the question is only how secure they are. Here I will introduce validation with the PHP Filter extension, which is simple and efficient.


Filter used to be a PHP extension (PECL), and the external library file had to be loaded before use. In versions later than PHP 5.2, however, it is compiled into PHP, so nothing needs to be loaded. Currently, filter provides the following functions: filter_has_var, filter_id, filter_input_array, filter_input, filter_var_array, and filter_var. Only the two most commonly used, filter_var and filter_input, are described here. filter_var filters the content of internal variables on the page, and filter_input filters the content of external variables (such as POST, GET, and COOKIE).


First, let's introduce the filter_var function. Here is its prototype:
    mixed filter_var ( mixed $variable [, int $filter [, mixed $options ]] )
$variable -- the variable to be filtered
$filter -- ID constant of the filter type to apply
$options -- parameters for the filter type


The $filter parameter is a predefined constant with a special meaning. For example, FILTER_VALIDATE_INT validates an integer, and FILTER_VALIDATE_EMAIL validates the email format. (For more constants, see the Filter section in the PHP Manual, which contains a detailed list.)


As for the return value: when validating, the original content is returned if it matches and false is returned if it does not; when filtering, the filtered content is returned.


The following are some examples:

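    <?php
    // Integer test, restricted to the range 0..256.
    // The value originally assigned to $var is missing from the page; 123 is a sample.
    $var = 123;
    $int_options = array("options" => array("min_range" => 0, "max_range" => 256));
    var_dump(filter_var($var, FILTER_VALIDATE_INT, $int_options));

    // Email format test
    $var = 'linvo@126.com';
    var_dump(filter_var($var, FILTER_VALIDATE_EMAIL));
    $var = 'linvo@126com';
    var_dump(filter_var($var, FILTER_VALIDATE_EMAIL));

    // IP format test
    $var = '11.22.33.44';
    var_dump(filter_var($var, FILTER_VALIDATE_IP));
    $var = '2017.222.333.444';
    var_dump(filter_var($var, FILTER_VALIDATE_IP));

    // URL format test
    // The original URL is cut off after "http://"; example.com is a placeholder.
    $var = 'http://www.example.com/blog';
    var_dump(filter_var($var, FILTER_VALIDATE_URL));
    $var = 'www.linvo2008.cn/blog'; // invalid: no scheme
    var_dump(filter_var($var, FILTER_VALIDATE_URL));

    // Hypertext tag removal test
    // The markup in the original string is missing from the page; the <a> tag is a stand-in.
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    $var = 'This is a <a href="#">link</a> test!';
    var_dump(filter_var($var, FILTER_SANITIZE_STRING));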

You can run the code to check the results. In addition, the third parameter, $options, lets you specify the validation in more detail. For example, when validating an IP address, you can use this parameter to restrict the filter rule to IPv4 or IPv6:
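An added example of this use of $options with FILTER_VALIDATE_IP (not code from the original article). The classify_ip() helper and the sample addresses are constructed for illustration, and the private/reserved check goes one step beyond the IPv4/IPv6 case described above.

```php
<?php
// Added example: restricting FILTER_VALIDATE_IP through the third argument.
// classify_ip() is a hypothetical helper; the addresses are constructed samples.

/**
 * Returns 'invalid', or "<family>/<scope>", e.g. "ipv4/public".
 */
function classify_ip(string $ip): string
{
    // A single flag can be passed directly as the third argument.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        $family = 'ipv4';
    } elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
        $family = 'ipv6';
    } else {
        return 'invalid';
    }

    // Flags can be combined with |, and can also be passed in an array
    // under the "flags" key. These two reject private and reserved ranges.
    $public = filter_var($ip, FILTER_VALIDATE_IP, array(
        'flags' => FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE,
    ));

    return $family . '/' . ($public === false ? 'private-or-reserved' : 'public');
}

$samples = array(
    '11.22.33.44',
    '192.168.1.10',
    '127.0.0.1',
    '::1',
    'fe80::1',
    '2017.222.333.444',
);

foreach ($samples as $ip) {
    printf("%-18s %s\n", $ip, classify_ip($ip));
}
```

Always compare the result with `!== false`: on success filter_var returns the validated string, not true.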


For other detailed parameters, see the PHP Manual.

The above covers filtering of internal variables on the page, but usually we want to validate the data a user enters directly. That data comes from external variables, and for it the filter_input function is used:


    mixed filter_input ( int $type , string $variable_name [, int $filter [, mixed $options ]] )
The function prototype shows that a first parameter, $type, has been added to the three original parameters. It specifies the array in which the variable to be filtered is located: a variable submitted by POST is stored in the $_POST array, and a variable submitted by GET is stored in the $_GET array. It is also set through predefined constants: POST corresponds to INPUT_POST and GET corresponds to INPUT_GET. (For more constants, see the PHP Manual.)
Here is an example. It consists of two pages: index.html, the front-end form page, and do.php, the back-end processing page.


File: index.html


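File: do.php

    <?php
    // The opening lines of this script are missing from the page. The four
    // filter_input() calls, the field names and the filter chosen for each
    // field are reconstructed from the variables used below and are assumptions.
    $name  = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
    $qq    = filter_input(INPUT_POST, 'qq', FILTER_VALIDATE_INT);
    $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    $blog  = filter_input(INPUT_POST, 'blog', FILTER_VALIDATE_URL);

    $error = 'Error'; // shown in place of a value that fails validation

    echo 'Name:', $name;
    $msg = $qq === false ? $error : $qq;
    echo 'QQ:', $msg;
    // A value that passes validation is not thereby safe to print into HTML,
    // so the string fields are encoded on output.
    $msg = $email === false ? $error : $email;
    echo 'Email:', htmlspecialchars((string) $msg, ENT_QUOTES, 'UTF-8');
    $msg = $blog === false ? $error : $blog;
    echo 'Blog:', htmlspecialchars((string) $msg, ENT_QUOTES, 'UTF-8');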

index.html page demo effect (before submission):

do.php page demo effect (after submission):
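An added example, not the article's do.php: the same four fields validated in one call with filter_var_array, which the article lists but does not demonstrate, separating a missing field (null) from an invalid one (false). The rules, the check_form() helper and the sample submission are assumptions made for illustration.

```php
<?php
// Added example, not the article's do.php. Field names follow the article's
// form; the rules and the sample submission are constructed assumptions.

// The same definition array works with filter_input_array(INPUT_POST, $rules).
$rules = array(
    'name'  => FILTER_UNSAFE_RAW,             // kept as typed, encoded on output
    'qq'    => array('filter'  => FILTER_VALIDATE_INT,
                     'options' => array('min_range' => 10000)), // assumed bound
    'email' => FILTER_VALIDATE_EMAIL,
    'blog'  => FILTER_VALIDATE_URL,
);

// Returns field => array(status, value); status is 'ok', 'missing' or 'invalid'.
function check_form(array $input, array $rules): array
{
    // Third argument true: fields absent from $input come back as null,
    // fields that fail their filter come back as false.
    $values = filter_var_array($input, $rules, true);
    $result = array();
    foreach ($values as $field => $value) {
        if ($value === null) {
            $result[$field] = array('missing', null);
        } elseif ($value === false) {
            $result[$field] = array('invalid', null);
        } else {
            $result[$field] = array('ok', $value);
        }
    }
    // FILTER_VALIDATE_URL accepts any scheme; a blog link should be http(s).
    if ($result['blog'][0] === 'ok') {
        $scheme = strtolower((string) parse_url($result['blog'][1], PHP_URL_SCHEME));
        if ($scheme !== 'http' && $scheme !== 'https') {
            $result['blog'] = array('invalid', null);
        }
    }
    return $result;
}

// Constructed submission standing in for $_POST ('email' deliberately absent).
$post = array(
    'name' => '<b>linvo</b>',
    'qq'   => '12345abc',
    'blog' => 'ftp://example.com/blog',
);

foreach (check_form($post, $rules) as $field => list($status, $value)) {
    // Validation is not output encoding: escape values written into HTML.
    echo $field, ': ', $status === 'ok'
        ? htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') : $status, "\n";
}
```

The article's do.php tests only `=== false`, so a field left out of the request (null) would be printed as an empty value rather than reported as an error.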

At this point, you should have a grasp of how to use filters. More use cases are left for you to explore :)


Reference: http://www.w3school.com.cn/php/php_ref_filter.asp
