PHP Built-in Filters (FILTER): Usage Examples

  • 2021-07-06 10:18:35
  • OfStack

In this chapter, we look at a less commonly used but powerful PHP feature: filters, which can be used for validation and sanitization.

Filters are useful when a data source contains unknown or untrusted data, most often when processing data submitted by users through an HTML form.

The extension contains two main types of filtering: validation and sanitization.

Validation is mainly used to check whether the data meets certain conditions. For example, when FILTER_VALIDATE_EMAIL is passed in, the filter checks whether the email address is valid; it does not correct the value when it fails to meet the specification.

Sanitization processes the data, converting or removing non-compliant characters. For example, when FILTER_SANITIZE_EMAIL is passed in, the filter removes non-compliant characters from the email address, but it does not check whether the address is valid.

For details, see: http://in.php.net/manual/en/book.filter.php
Tip: FILTER was added in PHP 5.2

This article first introduces the validation filters:

FILTER_VALIDATE_BOOLEAN:  Validates the value as a Boolean option; returns TRUE for "1", "true", "on" and "yes", and FALSE for the rest
FILTER_VALIDATE_EMAIL:    Validates the value as an email address
FILTER_VALIDATE_FLOAT:    Validates the value as a floating-point number
FILTER_VALIDATE_INT:      Validates the value as an integer, optionally within a specified range
FILTER_VALIDATE_IP:       Validates the value as an IP address
FILTER_VALIDATE_REGEXP:   Validates the value against a Perl-compatible regular expression
FILTER_VALIDATE_URL:      Validates the value as a URL

Example:

Verify an email address:

<?php
$email_a = 'onedayin2013@shawn.com';
$email_b = 'invalid@email';

// filter_var() returns the filtered value on success and false on failure
if (filter_var($email_a, FILTER_VALIDATE_EMAIL)) {
    echo "This ($email_a) email address is valid.\n";
} else {
    echo "This ($email_a) email address is invalid.\n";
}

if (filter_var($email_b, FILTER_VALIDATE_EMAIL)) {
    echo "This ($email_b) email address is valid.\n";
} else {
    echo "This ($email_b) email address is invalid.\n";
}

// Output:
// This (onedayin2013@shawn.com) email address is valid.
// This (invalid@email) email address is invalid.
?>

Verify the IP address:
<?php
$ip_a = '127.0.0.1';
$ip_b = '52.69';

// Without flags, FILTER_VALIDATE_IP accepts any well-formed IPv4 or IPv6 address
if (filter_var($ip_a, FILTER_VALIDATE_IP)) {
    echo "This ($ip_a) IP address is valid.\n";
} else {
    echo "This ($ip_a) IP address is invalid.\n";
}
if (filter_var($ip_b, FILTER_VALIDATE_IP)) {
    echo "This ($ip_b) IP address is valid.\n";
} else {
    echo "This ($ip_b) IP address is invalid.\n";
}

// Output:
// This (127.0.0.1) IP address is valid.
// This (52.69) IP address is invalid.
?>
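
The validation filters listed above also accept options and flags, and filter_var() signals failure by returning false, so a plain if () misjudges a valid 0. The following is an added example, not code from the original article; the function names and sample values are made up for illustration. It shows a range check, a tri-state Boolean and IP range flags, each with a strict comparison:

```php
<?php
// Added example, not from the original article; all sample values are constructed.

/** Integer within [$min, $max], or null if the input is not such an integer. */
function validate_int_range(string $raw, int $min, int $max): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    // Test with === false: a valid 0 is falsy and would fail a plain if (...).
    return $value === false ? null : $value;
}

/** true/false for recognised Boolean words, null for anything else. */
function validate_bool(string $raw): ?bool
{
    // Without FILTER_NULL_ON_FAILURE, "no" and "banana" both come back as false.
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}

/** IPv4/IPv6 address outside the private and reserved ranges, or null. */
function validate_public_ip(string $raw): ?string
{
    $ip = filter_var($raw, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    return $ip === false ? null : $ip;
}

// Constructed inputs: argument lists for each hypothetical helper above.
$cases = [
    'validate_int_range' => [['0', 0, 100], ['42', 0, 100], ['101', 0, 100], ['4 2', 0, 100]],
    'validate_bool'      => [['yes'], ['off'], ['banana']],
    'validate_public_ip' => [['127.0.0.1'], ['10.0.0.5'], ['52.69'], ['8.8.8.8']],
];
foreach ($cases as $fn => $argLists) {
    foreach ($argLists as $args) {
        echo $fn, '(', implode(', ', $args), ') => ';
        var_dump($fn(...$args));
    }
}
```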

Sanitization Filters

FILTER_SANITIZE_EMAIL:          Removes all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[]
FILTER_SANITIZE_ENCODED:        Removes or URL-encodes unnecessary characters; very similar to the urlencode() function
FILTER_SANITIZE_MAGIC_QUOTES:   Adds a backslash before the predefined characters: single quote ( ' ), double quote ( " ), backslash ( \ ) and NULL
FILTER_SANITIZE_NUMBER_FLOAT:   Removes all characters except digits, +- and, optionally, .,
FILTER_SANITIZE_NUMBER_INT:     Removes all characters except digits and +-
FILTER_SANITIZE_SPECIAL_CHARS:  Escapes "<>& and characters with an ASCII value below 32
FILTER_SANITIZE_STRING:         Deletes data that is potentially harmful to your application. It strips tags and removes or encodes unnecessary characters
FILTER_SANITIZE_STRIPPED:       Removes or encodes unnecessary characters; an alias of FILTER_SANITIZE_STRING
FILTER_SANITIZE_URL:            Removes all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=
FILTER_UNSAFE_RAW:              Does no filtering, removal, or encoding of special characters


Example:

<?php
$invalid_email = "(corrupted@foo dot com)";

if (!filter_var($invalid_email, FILTER_VALIDATE_EMAIL)) {
    // FILTER_SANITIZE_EMAIL only deletes disallowed characters (here the
    // parentheses and spaces); it does not turn " dot " into "."
    $sanitized_email = filter_var($invalid_email, FILTER_SANITIZE_EMAIL);
    echo "This ($invalid_email) email address is invalid.\n";
    echo "Sanitized email is: $sanitized_email\n";
}

// Output:
// This ((corrupted@foo dot com)) email address is invalid.
// Sanitized email is: corrupted@foodotcom
?>
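
Because sanitization deletes characters without checking the result, a sanitized address has to be validated again, and an address that only passes after stripping is no longer what the user typed. The following is an added example, not code from the original article; check_email() is a hypothetical helper and the sample inputs are constructed. It separates the three outcomes:

```php
<?php
// Added example, not from the original article; sample inputs are constructed.

/**
 * Classify an address as 'valid' (accepted unchanged), 'changed' (valid only
 * after characters were stripped) or 'invalid'. Hypothetical helper.
 */
function check_email(string $raw): array
{
    if (filter_var($raw, FILTER_VALIDATE_EMAIL) !== false) {
        return ['status' => 'valid', 'email' => $raw];
    }
    // Sanitizing only deletes disallowed characters; it does not validate.
    $clean = filter_var($raw, FILTER_SANITIZE_EMAIL);
    if ($clean !== false && filter_var($clean, FILTER_VALIDATE_EMAIL) !== false) {
        // The stripped string is a different address from the one submitted:
        // treat it as a suggestion to confirm, not as the user's input.
        return ['status' => 'changed', 'email' => $clean];
    }
    return ['status' => 'invalid', 'email' => null];
}

$samples = [
    'onedayin2013@shawn.com',
    '(corrupted@foo dot com)',
    'bob @example.com',
    'alice@example.com<script>',
];
foreach ($samples as $raw) {
    $r = check_email($raw);
    printf("%-28s => %-7s %s\n", $raw, $r['status'], $r['email'] ?? '-');
}
```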

Filter GET and POST variables

filter_input(input_type, variable, filter, options)

// Gets a variable from outside the script and filters it; used to validate variables from insecure sources, such as user input
// Input can be read from the following sources:
INPUT_GET  INPUT_POST  INPUT_COOKIE  INPUT_ENV  INPUT_SERVER

input_type  Specifies the input type; see the possible types above
variable    Specifies the name of the variable to filter
filter      Optional. Specifies the ID of the filter to use. The default is FILTER_SANITIZE_STRING.

Example:

<?php
// One filter per output context: HTML text and URL query string
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
$search_url  = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);

echo "You have searched for $search_html.";
// Inner double quotes must be escaped inside a double-quoted string
echo "<a href=\"sunzhenghua.com?search=$search_url\">Search again.</a>";
?>
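
When a request carries several parameters, one filter specification can cover them all and tell a missing parameter (null) from one that failed its filter (false). The following is an added example, not code from the original article; render_search(), the page parameter and the sample queries are made up for illustration, and a constructed array stands in for $_GET so that it runs from the command line:

```php
<?php
// Added example, not from the original article. $query is a constructed stand-in
// for $_GET; filter_input_array(INPUT_GET, $spec) accepts the same $spec.

$spec = [
    'search' => [
        'filter'  => FILTER_VALIDATE_REGEXP,
        // 1 to 100 bytes, no ASCII control characters
        'options' => ['regexp' => '/\A[^\x00-\x1F\x7F]{1,100}\z/'],
    ],
    'page' => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 1, 'max_range' => 1000],
    ],
];

function render_search(array $query, array $spec): string
{
    // Result per key: the value, false if it failed its filter, null if absent.
    $in = filter_var_array($query, $spec);
    if (!is_string($in['search'])) {
        return "Please enter a search term.\n";
    }
    $page = is_int($in['page']) ? $in['page'] : 1;   // fall back on a bad or missing page

    // Encode the validated value separately for each output context.
    $search_html = filter_var($in['search'], FILTER_SANITIZE_SPECIAL_CHARS);
    $search_url  = filter_var($in['search'], FILTER_SANITIZE_ENCODED);
    $next        = $page + 1;

    return "You have searched for $search_html (page $page). "
         . "<a href=\"sunzhenghua.com?search=$search_url&amp;page=$next\">Next page</a>\n";
}

$samples = [
    ['search' => 'php filters', 'page' => '2'],
    ['search' => '<b>"x" & y</b>', 'page' => '0'],
    ['page' => '3'],
    ['search' => ['nested' => 'array']],
];
foreach ($samples as $query) {
    echo render_search($query, $spec);
}
```

FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, which is one more reason to name the filter for every key explicitly, as the specification above does.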

