In the previous article, "PHP Form Learning: The Use and Differences of $_GET and $_POST Variables", I covered the differences between the $_GET and $_POST variables in PHP. This article looks at filters in PHP. I hope it helps!
In the previous article we learned about the $_GET and $_POST variables, and security issues were mentioned there. The PHP filters discussed in this article are used to validate and filter data from non-secure sources, such as user input.
PHP filter
What is a filter? To start with, you can simply think of a filter as something that filters out unsafe data. So why do we use filters? In day-to-day development, almost all web applications rely on external input. This data usually comes from users or from other applications, such as web services. By using filters we can ensure that the application gets the correct input type.
We should filter external data such as input data from forms, cookies, server variables, database query results, etc. Filtering input is important, which is why we need filters.
PHP filters are used to validate and filter data from non-secure sources. Testing, validating and filtering user input or custom data is an important part of any web application. The filter extension is designed to make this data processing easier and faster.
Functions and filters
When we need to filter variables, several filter functions are available:
filter_var(): filters a single variable with a specified filter.
filter_var_array(): filters multiple variables with the same or different filters.
filter_input(): gets one input variable and filters it.
filter_input_array(): gets multiple input variables and filters them with the same or different filters.
Next, let's look at an example that validates an integer with the filter_var() function:
<?php
header("Content-type:text/html;charset=utf-8");
$int = 123;
// Compare with === false: a valid 0 is returned as int 0, which a plain ! test would reject.
if (filter_var($int, FILTER_VALIDATE_INT) === false) {
    echo("不是一个合法的整数"); // "Not a valid integer"
} else {
    echo("是个合法的整数"); // "A valid integer"
}
?>
Output result:
是个合法的整数
The above example validates an integer with the filter_var() function. Next, let's look at the two kinds of filters.
<strong>Validating</strong> filters: used to validate user input, with strict format rules (such as URL or e-mail validation). They return the expected type on success, or FALSE on failure.
<strong>Sanitizing</strong> filters: used to allow or disallow specified characters in a string, with no data format rules. They always return a string.
Options and flags
Options and flags are used to add extra filtering rules to the specified filter. Different filters have different options and flags.
Next, let's look at an example that uses filter_var() with the "min_range" and "max_range" options to validate an integer:
<?php
header("Content-type:text/html;charset=utf-8");
$var = 300;
$int_options = array(
    "options" => array(
        "min_range" => 0,   // minimum value
        "max_range" => 256  // maximum value
    )
);
// Compare with === false: 0 is inside the range but is falsy, so a plain ! test would reject it.
if (filter_var($var, FILTER_VALIDATE_INT, $int_options) === false) {
    echo("不是一个合法的整数"); // "Not a valid integer"
} else {
    echo("是个合法的整数"); // "A valid integer"
}
?>
Output result:
不是一个合法的整数
In the above example, note that the options must be placed in an associative array named "options". Flags do not need to be in an array. Since the integer is 300, it is not within the specified range, so the output is as shown above.
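The following is an added example, not code from the original article. It shows filter_var_array() applying a different filter, with options and a flag, to each field, and shows how to tell a missing field (null) from a failed validation (false). The field names and the sample input are constructed for illustration.

```php
<?php
// Constructed sample input standing in for form data (hypothetical field names).
$input = array(
    "age"   => "0",             // a valid integer that is also falsy
    "port"  => "0x1F90",        // hex notation, accepted only with the flag below
    "email" => "not-an-email",  // fails FILTER_VALIDATE_EMAIL
    "extra" => "ignored",       // not in the definition, so it is dropped
);

// One entry per expected field: a bare filter constant, or an array with
// "filter", "flags" and "options" keys.
$definition = array(
    "age" => array(
        "filter"  => FILTER_VALIDATE_INT,
        "options" => array("min_range" => 0, "max_range" => 150),
    ),
    "port" => array(
        "filter"  => FILTER_VALIDATE_INT,
        "flags"   => FILTER_FLAG_ALLOW_HEX,
        "options" => array("min_range" => 1, "max_range" => 65535),
    ),
    "email"    => FILTER_VALIDATE_EMAIL,
    "quantity" => FILTER_VALIDATE_INT,  // absent from the input
);

// Fields missing from the input come back as null, failed validation as false.
$result = filter_var_array($input, $definition);

foreach ($result as $name => $value) {
    if ($value === null) {
        echo "$name: missing\n";
    } elseif ($value === false) {
        echo "$name: invalid\n";
    } else {
        // Strict comparisons above keep a legitimate 0 from being rejected.
        echo "$name: ok (" . var_export($value, true) . ")\n";
    }
}
```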
Validating input
Next, let's try to validate input from a form. The first thing we need to do is confirm that the input data we are looking for exists. Then we use the filter_input() function to filter the input data.
In the following example, the input variable "email" is passed to the PHP page using GET:
<?php
header("Content-type:text/html;charset=utf-8");
// First check that the "email" GET parameter exists at all.
if (!filter_has_var(INPUT_GET, "email")) {
    echo("没有 email 参数"); // "No email parameter"
} else {
    // filter_input() returns false when validation fails.
    if (!filter_input(INPUT_GET, "email", FILTER_VALIDATE_EMAIL)) {
        echo "不是一个合法的 E-Mail"; // "Not a valid e-mail"
    } else {
        echo "是一个合法的 E-Mail"; // "A valid e-mail"
    }
}
?>
Output result:
Note that the above example has an input variable (email) sent with the "GET" method. It checks whether an "email" input variable of the "GET" type exists and, if it does, checks whether it is a valid e-mail address.
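Sanitizing input
Let's try to clean up a URL sent from a form. First, we confirm that the input data we are looking for exists. Then we use the filter_input() function to sanitize the input data.
In the following example, the input variable "url" is passed to the PHP page:
<?php
header("Content-type:text/html;charset=utf-8");
if (!filter_has_var(INPUT_GET, "url")) {
    echo("没有 url 参数"); // "No url parameter"
} else {
    $url = filter_input(INPUT_GET, "url", FILTER_SANITIZE_URL);
    // FILTER_SANITIZE_URL keeps <, >, " and ', so encode before writing into the HTML page.
    echo htmlspecialchars($url, ENT_QUOTES, "UTF-8");
}
?>
Output result:
Note the following:
The FILTER_SANITIZE_URL filter removes all illegal URL characters from the string. The above example has an input variable (url) sent with the "GET" method: it checks whether a "url" input variable of the "GET" type exists and, if it does, sanitizes it (removes illegal characters) and stores it in the $url variable.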
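The following is an added example, not code from the original article. It combines the sanitizing and validating filters described above: FILTER_SANITIZE_URL only strips characters, so the result is then checked with FILTER_VALIDATE_URL, restricted to an explicit scheme allowlist, and encoded at output. The helper name clean_url() and the sample inputs are constructed for illustration.

```php
<?php
// Hypothetical helper: returns a URL that passed all checks, or null.
function clean_url($raw)
{
    // Step 1: drop characters that are illegal in a URL. This keeps
    // <, >, " and ' and does not check that the result is a URL.
    $url = filter_var($raw, FILTER_SANITIZE_URL);

    // Step 2: the sanitized string must still validate as a URL.
    if ($url === false || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }

    // Step 3: FILTER_VALIDATE_URL does not restrict the scheme
    // (ftp://, ssh:// and others pass), so allow only http and https.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, array("http", "https"), true)) {
        return null;
    }
    return $url;
}

// Constructed sample inputs.
$samples = array(
    "https://www.example.com/a b?q=1",  // the space is silently removed
    "http://example.com/?q=<b>x</b>",   // markup survives sanitizing
    "ftp://example.com/file",           // a valid URL with an unwanted scheme
    "not a url",                        // no scheme or host
);

foreach ($samples as $raw) {
    $url = clean_url($raw);
    // Step 4: encode for the HTML context at output time.
    echo $url === null ? "rejected" : htmlspecialchars($url, ENT_QUOTES, "UTF-8");
    echo "\n";
}
```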