php filter_input函数
在 php教程5.2 中,内置了filter 模块,用于变量的验证和过滤。
过滤变量等操作可以参看我原先提及的,这里我们看下如何直接过滤用户输入的内容。
fliter 模块对应的 filter_input 函数使用起来非常的简单,例如我们过滤用户输入名为 sample 的 get 参数为整型,那么可以这样写
filter_input(input_get, "sample", filter_sanitize_number_int);
filter_input 的参数分别是用户输入类型、对应的输入名称、以及过滤(验证)常量。目前 filter_input 支持下面几种用户输入
input_get // 对应 $_get
input_post // 对应 $_post
input_cookie // 对应 $_cookie
input_server // 对应 $_server
input_env // 对应 $_env
配合内置提供的各种验证标记符,就可以解决类似的用户输入过滤等“体力活”。
最后,还是需要再提下 filter 的个不大不小的陷阱
filter_var('abc', filter_validate_boolean); // bool(false)
filter_var('0', filter_validate_boolean); // bool(false)
php arch 上重新提及 fliter 模块,的确这个模块能节省我们不少的时间,这里再次整理下。
$_get 和 $_post 等用户提供的数据如果使用不当,如验证、过滤不全面,就很容易造成安全问题。通常情况下,我们会编写“一坨”正则来验证数据格式是否合法。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Linux new version
SublimeText3 Linux latest version
Dreamweaver Mac version
Visual web development tools
WebStorm Mac version
Useful JavaScript development tools
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
