PHP Filters for Beginners

1. PHP Filter

PHP filter is used to verify and filter data from non-secure sources, such as user input.

2. What is a PHP filter

PHP filter is used to verify and filter data from non-secure sources.

Testing, validating, and filtering user input or custom data are important parts of any web application. PHP's filter extension is designed to make data filtering easier and faster.

3. Why use filters

Nearly all web applications rely on external input. This data usually comes from users or other applications (such as web services). By using filters, you can ensure that your application gets the correct input type.

Filtering external data improves security. What counts as external data?

(1) Input data from forms

(2) Cookies

(3) Web services data

(4) Server variables

(5) Database query results

Functions and filters

To filter a variable, use one of the following filter functions:

filter_var() - Filters a single variable with a specified filter

filter_var_array() - Filters multiple variables with the same or different filters

filter_input() - Gets one input variable and filters it

filter_input_array() - Gets multiple input variables and filters them with the same or different filters

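<?php
	header("Content-type: text/html; charset=utf-8"); // Set the encoding
	$int = 123;
	// Compare with === false: the valid integer 0 is falsy and would fail a plain ! test
	if(filter_var($int, FILTER_VALIDATE_INT) === false){
		echo("不是一个合法的整数"); // "Not a valid integer"
	}else{
		echo("是个合法的整数"); // "Is a valid integer"
	}
?>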

Note: If the value is a valid integer, the script reports that it is a valid integer; otherwise it reports that it is not.

Validating and sanitizing

There are two types of filters:

Validating filter:

Used to validate user input

Strict format rules (such as URL or E-Mail validation)

Returns the expected type on success, or FALSE on failure

Sanitizing filter:

Used to allow or disallow specified characters in a string

No data format rules

Always returns a string

Options and flags

Options and flags are used to add additional filtering options to the specified filter.

Different filters have different options and flags

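<?php
	header("Content-type: text/html; charset=utf-8"); // Set the encoding
	$var=300;

	// Options go in a nested array under the "options" key
	$int_options = array(
		"options"=>array(
			"min_range"=>0,
			"max_range"=>256
			)
		);

	// Compare with === false: 0 is inside the range but falsy
	if(filter_var($var, FILTER_VALIDATE_INT, $int_options) === false){
		echo("不是一个合法的整数"); // "Not a valid integer"
	}else{
		echo("是个合法的整数"); // "Is a valid integer"
	}
?>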

Note: As in the code above, options must be placed in an associative array under the key "options". Flags do not need to be in an array. Since the integer is 300, it is not within the specified range, so validation fails.

Validating the input

Let's try validating input from a form.

The first thing we need to do is confirm that the input data we are looking for exists.

Then we use the filter_input() function to filter the input data.

In the following example, the input variable "email" is passed to the PHP page:

<?php
	header("Content-type: text/html; charset=utf-8"); // Set the encoding
	if(!filter_has_var(INPUT_GET, "email")){
		echo("没有 email 参数"); // "No email parameter"
	}else{
		if (!filter_input(INPUT_GET, "email", FILTER_VALIDATE_EMAIL)){
			echo "不是一个合法的 E-Mail"; // "Not a valid e-mail"
		}else{
			echo "是一个合法的 E-Mail"; // "Is a valid e-mail"
		}
	}
?>

Note: When a form submits data, first check whether an "email" variable was sent via GET.

If it was, check whether it is a valid e-mail address.

Sanitize input

Let’s try to sanitize the URL passed in from the form.

First, we need to confirm that the input data we are looking for exists.

Then, we use the filter_input() function to sanitize the input data.

In the following example, the input variable "url" is passed to the PHP page:

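<?php
	header("Content-type: text/html; charset=utf-8"); // Set the encoding
	if(!filter_has_var(INPUT_GET, "url")){
		echo("没有 url 参数"); // "No url parameter"
	}else{
		$url = filter_input(INPUT_GET, 
		"url", FILTER_SANITIZE_URL);
		// FILTER_SANITIZE_URL keeps characters such as < > and ",
		// so escape the value before writing it into HTML
		echo htmlspecialchars((string) $url, ENT_QUOTES, "UTF-8");
	}
?>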

Note: Check whether a "url" input variable was sent via GET.

If this input variable exists, sanitize it (remove illegal characters) and store it in the $url variable.
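
An added example, not part of the original page: filter_var_array() from the function list above, applied to constructed sample input. It uses strict comparisons so that a valid 0 is not rejected, adds a scheme allowlist on top of FILTER_VALIDATE_URL, and escapes values at output. The function name validate_request() and the sample values are assumptions made for this illustration.

```php
<?php
// Added example. validate_request() and the field names are hypothetical.
function validate_request(array $input): array
{
    $spec = [
        'age' => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 0, 'max_range' => 256],
        ],
        'email' => FILTER_VALIDATE_EMAIL,
        'url'   => FILTER_VALIDATE_URL,
    ];
    $clean  = [];
    $errors = [];
    // Each result is the filtered value, false (filter failed) or null (key absent).
    foreach (filter_var_array($input, $spec) as $name => $value) {
        if ($value === null) {
            $errors[$name] = 'missing';
        } elseif ($value === false) {   // strict check: integer 0 is valid but falsy
            $errors[$name] = 'invalid';
        } else {
            $clean[$name] = $value;
        }
    }
    // FILTER_VALIDATE_URL checks syntax only; restrict the scheme separately.
    if (isset($clean['url'])) {
        $scheme = strtolower((string) parse_url($clean['url'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            unset($clean['url']);
            $errors['url'] = 'scheme not allowed';
        }
    }
    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed sample requests standing in for $_GET.
$samples = [
    ['age' => '0', 'email' => 'alice@example.com', 'url' => 'https://example.com/a?b=1'],
    ['age' => '300', 'url' => 'ftp://example.com/file'],
];
foreach ($samples as $sample) {
    $result = validate_request($sample);
    foreach ($result['clean'] as $name => $value) {
        // Escape at output time; validation does not make a value HTML-safe.
        echo $name, ': ', htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'), "\n";
    }
    foreach ($result['errors'] as $name => $reason) {
        echo $name, ' rejected: ', $reason, "\n";
    }
}
```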

