PHP Filters for Beginners
1. PHP Filter
PHP filter is used to verify and filter data from non-secure sources, such as user input.
2. What is a PHP filter
PHP filter is used to verify and filter data from non-secure sources.
Testing, validating, and filtering user input or custom data are important parts of any web application. PHP's filter extension is designed to make data filtering easier and faster.
3. Why use filters
Nearly all web applications rely on external input. This data usually comes from users or other applications (such as web services). By using filters, you can ensure that your application gets the correct input type.
Filtering external data improves security. What counts as external data?
(1) Input data from forms
(2) Cookies
(3) Web services data
(4) Server variables
(5) Database query results
Functions and filters
To filter a variable, use one of the following filter functions:
filter_var() - Filters a single variable with a specified filter
filter_var_array() - Filters multiple variables with the same or different filters
filter_input() - Gets an input variable and filters it
filter_input_array() - Gets multiple input variables and filters them with the same or different filters
Note: When the variable holds a valid integer, the output reports a valid integer. If not, the output reports that it is not a valid integer.
Validating and Sanitizing
There are two types of filters:
Validating filter:
Used to validate user input
Strict format rules (such as URL or E-Mail validation)
Returns the expected type on success, or FALSE on failure
Sanitizing filter:
Used to allow or disallow specified characters in a string
No data format rules
Always returns a string
Options and flags
Options and flags are used to add additional filtering options to the specified filter.
Different filters have different options and flags.
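<?php
$var = 300;
$int_options = array("options" => array("min_range" => 0, "max_range" => 256));
// === false, so that a valid 0 is not treated as a failure
if (filter_var($var, FILTER_VALIDATE_INT, $int_options) === false) {
    echo("不是一个合法的整数"); // not a valid integer
} else {
    echo("是个合法的整数"); // a valid integer
}
?>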
Note: As in the code above, options must be placed in an associative array named "options". Flags do not need to be in an array. Since the integer is "300", it is not within the specified range.
Validating the input
Let's try validating input from a form.
The first thing we need to do is confirm that the input data we are looking for exists.
Then we use the filter_input() function to filter the input data.
In the following example, the input variable "email" is passed to the PHP page
Note: When a form transmits data, first check whether any data was transmitted by GET.
Then, if data was transmitted, determine whether it is a valid email address.
Sanitize input
Let’s try to sanitize the URL passed in from the form.
First, we need to confirm that the input data we are looking for exists.
Then, we use the filter_input() function to sanitize the input data.
In the following example, the input variable "url" is passed to the PHP page:
Note: Check whether there is a "url" input variable of type "GET".
If this input variable exists, sanitize it (remove illegal characters) and store it in the $url variable.
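The two walkthroughs above (validating "email", sanitizing "url") as an added example that is not code from the original page: filter_var_array() applies a validating and a sanitizing filter to a constructed array standing in for $_GET, then validates the sanitized URL, because a sanitizing filter enforces no format rules. The function name filter_request, the "age" field and the sample values are assumptions made for illustration.

```php
<?php
// Hypothetical helper (not from the page): filter the fields of one request.
// $input stands in for $_GET so the script runs from the command line; on a
// live page, filter_input_array(INPUT_GET, $spec) applies the same spec.
function filter_request(array $input): array
{
    $spec = [
        'email' => FILTER_VALIDATE_EMAIL,  // validating: the value, or false
        'url'   => FILTER_SANITIZE_URL,    // sanitizing: always a string
        'age'   => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 0, 'max_range' => 256],
        ],
    ];
    // Keys missing from $input come back as null, failed validation as false.
    $out = filter_var_array($input, $spec);

    // Sanitizing only strips characters; it does not prove the result is a URL.
    // Validate the cleaned string and accept only http and https.
    if (is_string($out['url'])) {
        $scheme = strtolower((string) parse_url($out['url'], PHP_URL_SCHEME));
        if (filter_var($out['url'], FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true)) {
            $out['url'] = false;
        }
    }
    return $out;
}

// Constructed sample requests.
$samples = [
    ['email' => 'someone@example.com', 'url' => 'http://www.exam ple.com/', 'age' => '0'],
    ['email' => 'not-an-email', 'url' => 'ftp://example.com/file', 'age' => '300'],
    ['email' => 'someone@example.com'],  // "url" and "age" were not sent
];

foreach ($samples as $i => $sample) {
    foreach (filter_request($sample) as $field => $value) {
        // Compare with === so that a valid integer 0 is not read as a failure.
        if ($value === null) {
            $state = 'missing';
        } elseif ($value === false) {
            $state = 'rejected';
        } else {
            $state = 'ok: ' . var_export($value, true);
        }
        echo "request $i  $field  $state\n";
    }
}
```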