PHP Programming Tips: How to handle form data filtering
In web development, forms are a very common way of interaction. Users enter data through forms and put these The data is submitted to the server for processing. However, since user input is uncontrollable, we need to effectively filter and verify form data to ensure data security and reliability. This article will introduce several commonly used PHP programming techniques to help you process form data filtering.
filter_input()
: This function can filter GET, POST, COOKIE and other data, and specify the filter type . For example, we can use filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING)
to filter the POST data named 'name' and convert it to a string. FILTER_SANITIZE_STRING
Used to remove HTML tags and special characters. filter_var()
: This function can filter any type of variable and specify the filter type. For example, we can use filter_var($email, FILTER_VALIDATE_EMAIL)
to verify whether an email address is legitimate. FILTER_VALIDATE_EMAIL
is used to verify email addresses. filter_var_array()
: This function can filter multiple variables in an array. For example, we can use filter_var_array($_POST, $filters)
to filter multiple data in the $_POST array and specify the filter type for each data. $filters is an associative array where the keys are the names of the data and the values are the filter types. The following is a sample code that demonstrates how to use the above filter function to filter form data:
$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING); $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL); $filters = array( 'name' => FILTER_SANITIZE_STRING, 'email' => FILTER_VALIDATE_EMAIL ); $data = filter_var_array($_POST, $filters);
$name = $_POST['name']; if (!preg_match("/^[a-zA-Z ]*$/", $name)) { echo "只允许字母和空格!"; }
In the above code, use the regular expression /^[a-zA-Z ]*$ /
to match strings containing only letters and spaces. If the match fails, a prompt message is output.
$name = $_POST['name']; $email = $_POST['email']; $stmt = $conn->prepare("INSERT INTO users (name, email) VALUES (?, ?)"); $stmt->bind_param("ss", $name, $email); $stmt->execute(); $stmt->close();
In the above code, we use prepared statements and the bind_param() method to insert form data into the database. The first parameter of the bind_param() method is the data type, and "ss" means that both parameters are strings.
Summary:
When processing form data, data filtering is essential. Using filtering functions, regular expressions and SQL injection prevention technology can effectively protect data security and reliability. You need to choose the appropriate filtering method based on actual needs, and pay attention to handling errors and exceptions in the code.
The above is an introduction to PHP programming skills: how to handle form data filtering. I hope it will be helpful to you!
The above is the detailed content of PHP Programming Tips: How to Handle Form Data Filtering. For more information, please follow other related articles on the PHP Chinese website!