When friends learn the PHP language, they will definitely pay attention to security issues in the actual development process. So, today we will introduce to you the primary measure to ensure PHP security-verification data. Validation of data is the most important habit you can adopt. And when it comes to input, it's very simple: don't trust the user. When validating data to secure PHP, remember that it's often easier to design and validate the values your application allows than to protect against all unknown values.
General validation tips that apply to various types of validation data are listed below:
1. Use values from the whitelist
2. Always re-validate limited options
3. Use the built-in escape function
4. Verify that the correct data type (such as a number)
The value in the white-listed value (White-listed value) is the correct value , as opposed to an invalid blacklist value (Black-listed value). The difference between the two is that typically when validating data, the list or range of possible values is smaller than the list or range of invalid values, many of which may be unknown or unexpected values.
To this end, our PHP Chinese website provides 10 useful PHP data verification libraries for everyone to download and refer to. (Note: For more data verification class library resources, please pay attention to: php Chinese website data verification class library)
1. PHP code implementation form data verification class library
Introduces the PHP code to implement form data verification class, such as checking the legality of input content, judging Chinese and English, whether the string length meets the requirements, verifying mobile phone number, email address, generating thumbnails, obtaining IP addresses, and capturing Get remote pictures, this is a very comprehensive form validation class, almost all validations are included, making it easy for everyone to learn and use.
2. php verification login class
introduces a simple PHP implementation of user login and verification class code, without separating login and database query, cookie Settings, database settings, user acquisition value, verification SESSION, verification COOKIE.
3. php parameter filtering, data filtering class
Basic principles of php submission data filtering
1) When submitting variables into the database, we must Use addslashes() for filtering. For example, our injection problem can be solved with just one addslashes(). In fact, when it comes to variable values, the intval() function is also a good choice for filtering strings.
2) Enable magic_quotes_gpc and magic_quotes_runtime in php.ini. magic_quotes_gpc can change the quotation marks in get, post, and cookie into slashes. magic_quotes_runtime can play a formatting role in data entering and exiting the database. In fact, this parameter was very popular back in the old days when injection was crazy.
3) When using system functions, you must use escapeshellarg(), escapeshellcmd() parameters to filter, so that you can use system functions with confidence.
4) For cross-site, both parameters of strip_tags() and htmlspecialchars() are good. All tags with html and php submitted by users will be converted. For example, angle brackets "<" will be converted into harmless characters such as "<".
$new = htmlspecialchars("Test", ENT_QUOTES);
strip_tags($text,);
5) For filtering of related functions, Just like the previous include(), unlink, fopen(), etc., as long as you specify the variables you want to perform the operation or filter the relevant characters strictly
4. php ID card verification related classes
php ID card verification related class, PHP automatically obtains the corresponding constellation function according to the ID number, automatically returns the corresponding constellation according to the ID number, and automatically returns the corresponding zodiac sign according to the ID number. , automatically returns the gender according to the ID number, checks whether it is the ID number, and extracts the corresponding characters from the verification code string according to the serial number.
5. php data checking class
Introduces a php data checking class commonly used in php development for your friends to learn and refer to, with some judgments added, such as : Whether it is IPv4, whether it is an email address, whether it is a URL, whether it is a positive integer, whether it is within the range, and whether it is a valid length.
6. A good php verification class
Number verification, name matching, such as user name, directory name, etc., whether to support Chinese, supported by default, if so Matching file names, it is recommended to turn this off (false), email verification, mobile phone number verification, URL verification, pure URL format, IP verification is not supported.
7. Full-featured php verification class
Share an scalable and fully-functional php verification class. All kinds of verifications in the class can be adjusted and implemented by yourself. Now for the basic implementation. If you need to add a rule, define the method directly, and the method name is the rule name. Please refer to the usage method for details.
8. TP3.2’s simple data verification php class
is used to handle the verification of Model entry data. Many times, when we process data in the Model, we will pass in many parameters at once. At this time, we may need to judge the parameters, whether there are fewer parameters, and whether the format of the parameters is correct. If there are a lot of if judgments every time, it will It's very troublesome. I have used CI before, which has a class to verify the data submitted by the form, and then I wrote this method according to my habit.
9. php verification class
Check whether the input is a number, check whether the input is a phone number, check whether the input is a mobile phone number, check whether the input For zip code, email address legality check, name and nickname legality check, you can only enter Chinese and English to check whether an (English) domain name is legal.
10. php Common Form Validation Classes
Mainly introduces the usage of common php form validation classes, and analyzes common php validation techniques for form elements with examples. Data export and restore special characters. The incoming value can be a string or one/two-dimensional array. The data display and restore data format is mainly used for content output. The incoming value can be a string or one/two-dimensional array.
[Related Class Library Recommendations]
1.[php unlimited classification] Summarizes the most complete php unlimited classification library download and text video tutorial
2. 【php send mail class library】10 php send mail class library download
3.【php thumbnail class】The latest 10 using php to generate thumbnails Download sketch library
4.[php verification code class] Share 10 useful php verification code class codes
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
