PHP filter implementation code_PHP tutorial-PHP Tutorial-php.cn

In the past, a user mainly obtained information through the Internet. Today's Internet pays more attention to interaction with users. Users are no longer just website viewers, but also producers of website content. It has developed from the previous simple "reading" to "writing" and "co-creation", and from passively receiving information to actively branching information. The ensuing security issues have become an issue that web developers cannot ignore. Verifying data from third-party sources has become an essential function of every web program.

In the past, PHP needed to verify data, which was usually implemented by programmers themselves through regular expressions. However, starting from PHP 5.2, the filter function in the original PCEL was moved to the built-in library, and many improvements were made. With less reinforcement, you can use these functions to filter and verify data.

Data sources and verification types
Data sources in PHP include two parts, one is external variables (such as POST, GET, COOKIE, etc.), and the other is data generated internally on the page. PHP defines the ilter_input_** and filter_var_** series of functions for these two data types respectively. According to the different verification methods, it can be divided into two types: Validating and Sanitizing. Validating is used to verify data and returns a Boolean value. Sanitizing filters some specific characters according to rules and returns the processed string.

Simple usage
For example, to verify whether a string is an integer, in the past we could use regular expressions or the is_numeric function to achieve this:

Copy the code The code is as follows:

 
$str = '51ab'; 
preg_match('/^[0-9]*$/', $str); 
is_numeric($str); 

The new verification function can be used in the following way:

$str = '51ab';
echo filter_var($str, FILTER_VALIDATE_INT) ? 'is valid' : 'is not valid'; FILTER_VALIDATE_INT is a filter defined by PHP, used to verify whether $str is an integer. In fact, this is a numerical constant, and the value is 257 found through echo FILTER_VALIDATE_INT;. So we can also use:

$str = '51ab';
echo filter_var($str, 257) ? 'is valid' : 'is not valid'; A large number of commonly used filters are defined in PHP Filter, we can get all supported filter names (represented by strings) through filter_list(), and then use filter_id(string) to get their values:

print_r(filter_list()); // All supported The filter name.
echo '=========';
echo filter_id('int'); // 'int' is a filter name returned by filter_list. The above will output something similar to the following:

array(0=>int',1=>'boolean',2=>'float',3=>'validate_regexp')
==========
257Sanitizing filter
The above is to verify whether the data format is correct. Sometimes it is also important to filter out irrelevant content. SANITIZE filtering provides this function, such as filtering out extra characters in an email:

$email = '