PHP Built-in Filter (FILTER) Usage Examples
- 2021-07-06 10:18:35
- OfStack
In this chapter, we look at a less commonly used but powerful PHP feature: filters, which can be used for validation and sanitization (error correction).
Filters are useful when a data source contains unknown or uncertain data, most often when processing data submitted by users from an HTML form.
The extension contains two main types of filtering: validation and sanitization.
Validation is mainly used to check whether the data meets certain conditions. For example, when FILTER_VALIDATE_EMAIL is passed in, it checks whether the email address is valid; it does not correct the value when it finds that it does not meet the specification.
Sanitization processes the data to convert or remove non-compliant characters. For example, when FILTER_SANITIZE_EMAIL is passed in, it removes non-compliant characters contained in the email address, but it does not check whether the email address is valid.
For details, see: http://in.php.net/manual/en/book.filter.php
Tip: The filter extension was added in PHP 5.2.
This article first introduces the validation filters:
FILTER_VALIDATE_BOOLEAN: Validates the value as a Boolean option; returns TRUE for "1", "true", "on" and "yes", and FALSE for the rest
FILTER_VALIDATE_EMAIL: Validates the value as an email address
FILTER_VALIDATE_FLOAT: Validates the value as a floating-point number
FILTER_VALIDATE_INT: Validates the value as an integer, optionally within a specified range
FILTER_VALIDATE_IP: Validates the value as an IP address
FILTER_VALIDATE_REGEXP: Validates the value against a Perl-compatible regular expression
FILTER_VALIDATE_URL: Validates the value as a URL
Example:
Verify an email address:
<?php
$email_a = 'onedayin2013@shawn.com';
$email_b = 'invalid@email';
// filter_var() returns the address when it is valid and false otherwise
if (filter_var($email_a, FILTER_VALIDATE_EMAIL)) {
    echo "This ($email_a) email address is valid.\n";
} else {
    echo "This ($email_a) email address is invalid.\n";
}
if (filter_var($email_b, FILTER_VALIDATE_EMAIL)) {
    echo "This ($email_b) email address is valid.\n";
} else {
    echo "This ($email_b) email address is invalid.\n";
}
// Output:
// This (onedayin2013@shawn.com) email address is valid.
// This (invalid@email) email address is invalid.
?>
Verify an IP address:
<?php
$ip_a = '127.0.0.1';
$ip_b = '52.69';
// filter_var() returns the address when it is valid and false otherwise
if (filter_var($ip_a, FILTER_VALIDATE_IP)) {
    echo "This ($ip_a) IP address is valid.\n";
} else {
    echo "This ($ip_a) IP address is invalid.\n";
}
if (filter_var($ip_b, FILTER_VALIDATE_IP)) {
    echo "This ($ip_b) IP address is valid.\n";
} else {
    echo "This ($ip_b) IP address is invalid.\n";
}
// Output:
// This (127.0.0.1) IP address is valid.
// This (52.69) IP address is invalid.
?>
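The validation filters listed above also accept options and flags, such as the integer range mentioned for FILTER_VALIDATE_INT. The following is an added example, not code from the original article; the function names and sample inputs are assumptions made for illustration. It compares the result with === false, because filter_var() returns the filtered value and a valid "0" is falsy in a plain if test.

```php
<?php
// Added example: validation filters with options and flags.
// Function names and all input values below are constructed for illustration.

// filter_var() returns the filtered value on success and false on failure,
// so a valid "0" is falsy. Compare against false with ===.
function validate_quantity(string $raw): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 100],
    ]);
    return $value === false ? null : $value;
}

// FILTER_NULL_ON_FAILURE separates a real "no"/"off" (false) from junk (null).
function validate_flag(string $raw): ?bool
{
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}

// Accept IPv4 only, and reject private and reserved ranges.
function validate_public_ipv4(string $raw): ?string
{
    $value = filter_var(
        $raw,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
    return $value === false ? null : $value;
}

// The pattern goes in the 'regexp' option. \A and \z anchor the whole
// string; a trailing "$" would also accept a value ending in a newline.
function validate_username(string $raw): ?string
{
    $value = filter_var($raw, FILTER_VALIDATE_REGEXP, [
        'options' => ['regexp' => '/\A[a-z][a-z0-9_]{2,15}\z/'],
    ]);
    return $value === false ? null : $value;
}

var_dump(validate_quantity('0'));
var_dump(validate_quantity('101'));
var_dump(validate_flag('off'));
var_dump(validate_flag('maybe'));
var_dump(validate_public_ipv4('127.0.0.1'));
var_dump(validate_public_ipv4('203.0.113.10')); // documentation address
var_dump(validate_username("admin\n"));
```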
Sanitization (error correction) filters
FILTER_SANITIZE_EMAIL: Removes all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[]
FILTER_SANITIZE_ENCODED: URL-encodes the string, removing or encoding unnecessary characters; very similar to the urlencode() function
FILTER_SANITIZE_MAGIC_QUOTES: Adds a backslash before the predefined characters: single quotation mark ( ' ), double quotation mark ( " ), backslash ( \ ) and NULL
FILTER_SANITIZE_NUMBER_FLOAT: Removes all characters except digits, +- and, optionally, .,
FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits and +-
FILTER_SANITIZE_SPECIAL_CHARS: Escapes "<>& and characters with an ASCII value below 32
FILTER_SANITIZE_STRING: Removes data that is potentially harmful to your application. It strips tags and removes or encodes unnecessary characters
FILTER_SANITIZE_STRIPPED: Removes or encodes unnecessary characters; an alias of FILTER_SANITIZE_STRING
FILTER_SANITIZE_URL: Removes all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=
FILTER_UNSAFE_RAW: Performs no filtering, removal, or encoding of special characters
Example:
<?php
$invalid_email = "(corrupted@foo dot com)";
if (!filter_var($invalid_email, FILTER_VALIDATE_EMAIL)) {
    // The sanitizer only strips characters that are not allowed (here the
    // parentheses and spaces); it does not turn " dot " into "."
    $sanitized_email = filter_var($invalid_email, FILTER_SANITIZE_EMAIL);
    echo "This ($invalid_email) email address is invalid.\n";
    echo "Sanitized Email is: $sanitized_email\n";
}
// Output:
// This ((corrupted@foo dot com)) email address is invalid.
// Sanitized Email is: corrupted@foodotcom
?>
Filter GET and POST variables
filter_input(input_type, variable, filter, options)
The function gets input from outside the script and is used to validate variables from insecure sources, such as user input.
Input can come from the following sources:
INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_ENV, INPUT_SERVER
input_type: Specifies the input type; see the possible types above
variable: Specifies the variable to be filtered
filter: Optional. Specifies the ID of the filter to be used. The default is FILTER_SANITIZE_STRING.
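Example:
<?php
// The same raw value is encoded twice, once for each output context
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS); // HTML body
$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);        // URL query string
echo "You have searched for $search_html.";
// The inner double quotes must be escaped inside a double-quoted string
echo "<a href=\"sunzhenghua.com?search=$search_url\">Search again.</a>";
?>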
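Sanitizing a value does not validate it, and filter_input() reads only real request data, so it returns nothing useful from the command line. The following added example (not code from the original article) applies one rule set to a whole form with filter_var_array() and validates each sanitized email afterwards; $submitted, check_form() and the field names are assumptions made for illustration.

```php
<?php
// Added example, not from the original article. $submitted is a constructed
// stand-in for $_POST so the script runs from the CLI; in a request handler
// the same rules go to filter_input_array(INPUT_POST, $rules).
$submitted = [
    'email'   => '(corrupted@foo dot com)',
    'contact' => 'alice (work)@example.com',
    'age'     => '0',
];

$rules = [
    'email'   => FILTER_SANITIZE_EMAIL,
    'contact' => FILTER_SANITIZE_EMAIL,
    'age'     => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 0, 'max_range' => 150],
    ],
    'page'    => FILTER_VALIDATE_INT, // not present in $submitted
];

function check_form(array $input, array $rules): array
{
    // One call applies every rule: a missing key yields null,
    // a failed validation filter yields false.
    $clean  = filter_var_array($input, $rules);
    $report = [];

    foreach ($clean as $field => $value) {
        if ($value === null) {
            $report[$field] = 'missing';
        } elseif ($value === false) {
            $report[$field] = 'invalid';
        } elseif ($rules[$field] === FILTER_SANITIZE_EMAIL) {
            // Sanitizing only strips characters, so validate the result,
            // and flag values that were silently rewritten.
            $ok      = filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
            $changed = $value !== $input[$field];
            $report[$field] = !$ok ? 'invalid after sanitizing'
                : ($changed ? 'valid, but altered by sanitizing' : 'ok');
        } else {
            $report[$field] = 'ok';
        }
    }
    return [$clean, $report];
}

[$clean, $report] = check_form($submitted, $rules);
var_dump($clean, $report);
```

A value reported as altered is a different mailbox from the one the user typed, so it is safer to reject it and ask again than to store the rewritten address.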