Home  >  Article  >  Backend Development  >  PHP built-in filter FILTER usage example_PHP tutorial

PHP built-in filter FILTER usage example_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 10:26:04722browse

In this chapter, we take a look at a less commonly used but powerful PHP feature: FILTERS. This extension can be used for validation and sanitization

It becomes very useful when the data source contains unknown or uncertain data. It is most useful for processing data submitted by customers from HTML forms

This extension contains two main filter types: validation and sanitization

Validation is mainly used to check whether the data meets specific conditions. For example: when FILTER_VALIDATE_EMAIL is passed in, it will check whether the email address is valid. When it is found that it does not meet the specifications, no error correction will be performed

Sanitization will process the data and convert or remove characters that do not conform to the specification. For example: when FILTER_SANITIZE_EMAIL is passed in, it will process the characters that do not conform to the specification in the email address, but will not remove them. Check if the email address is valid

Details can be found at: http://in.php.net/manual/en/book.filter.php
Tip: FILTER was added in PHP 5.2 version

Here is an introduction to validation Filters

Copy code The code is as follows:
FILTER_VALIDATE_BOOLEAN: Validate the value as a Boolean option, for "1", "true", "on" and " yes" returns TRUE, and the rest returns FALSE
FILTER_VALIDATE_EMAIL: Validate value as email address
FILTER_VALIDATE_FLOAT: Validate the value as a floating point number
FILTER_VALIDATE_INT: Validate the value as an integer, you can select the range
FILTER_VALIDATE_IP: Validate value as IP
FILTER_VALIDATE_REGEXP: Validate values ​​based on Perl-compatible regular expressions
FILTER_VALIDATE_URL: Validate value as URL

Example:

Verification Email Address:
Copy code The code is as follows:

$email_a = 'onedayin2013@shawn.com';
$email_b = 'invalid@email';

if (filter_var($email_a, FILTER_VALIDATE_EMAIL)) {
echo "This ($email_a) email address is valid.";
} else {
echo "This ($email_a) email address is invalid.";
}

if (filter_var($email_b, FILTER_VALIDATE_EMAIL)) {
echo "This ($email_b) email address is valid.";
} else {
echo "This ($email_b) email address is invalid.";
}

//Output the following content:
This (onedayin2013@shawn.com) email address is valid.
This (invalid@email) email address is invalid.
?>

Verify IP address:
Copy code The code is as follows:
$ip_a = '127.0.0.1';
$ip_b = '52.69';

if (filter_var($ip_a, FILTER_VALIDATE_IP)) {
echo "This ($ip_a) IP address is valid.";
}else{
echo "This ($ip_a) IP address is invalid.";
}
if (filter_var($ip_b, FILTER_VALIDATE_IP)) {
echo "This ($ip_b) IP address is valid.";
}else{
echo "This ($ip_b) IP address is invalid.";
}

//Output the following content:
This (127.0.0.1) IP address is valid.
This (52.69) IP address is invalid.
?>

Sanitization Filters

Copy code The code is as follows:
FILTER_SANITIZE_EMAIL: Remove all characters except letters, numbers and !#$%&'*+-/=?^_`{|}~@.[].
FILTER_SANITIZE_ENCODED: Removes characters unnecessary for URL encoding, very similar to the urlencode() function
FILTER_SANITIZE_MAGIC_QUOTES: Add a backslash before the specified predefined characters, single quote ('), double quote ("), backslash () and NULL
FILTER_SANITIZE_NUMBER_FLOAT: Remove all characters except numbers, +- and optional (.,)
FILTER_SANITIZE_NUMBER_INT: Remove all characters except numbers and +-
FILTER_SANITIZE_SPECIAL_CHARS: Used to escape "<>& and characters whose ASCII value is below 32
FILTER_SANITIZE_STRING: Delete data that is potentially harmful to the application. It is used to strip tags and remove or encode unwanted characters
FILTER_SANITIZE_STRIPPED: Removes or encodes unnecessary characters. It is an alias of FILTER_SANITIZE_STRING
FILTER_SANITIZE_URL: Remove all characters except letters, numbers and $-_.+!*'(),{}|\^~[]`<>#%";/?:@&=.
FILTER_UNSAFE_RAW: No filtering, removing or encoding special characters


Example:

Copy code The code is as follows:
$invalid_email = "(corrupted@foo dot com)";

if (!filter_var($invalid_email, FILTER_VALIDATE_EMAIL)) {
$sanitized_email = filter_var($invalid_email, FILTER_SANITIZE_EMAIL);
echo "This ($invalid_email) email address is invalid.";
echo "Sanitized Email is: $sanitized_email";
}

//Output the following content:
This ((corrupted@foo dot com)) email address is invalid.
Sanitized Email is: corrupted@foo.com
?>

Filter GET and POST variables

Copy code The code is as follows:
filter_input(input_type, variable, filter, options)

//The function obtains input from outside the script and is used to verify variables from non-safe sources, such as user input
//Input can be obtained from the following sources
INPUT_GET INPUT_POST INPUT_COOKIE INPUT_ENV INPUT_SERVER

Copy the code The code is as follows:
input_type specifies the input type, see the possible types above
variable specifies the variable to be filtered
filter Optional. Specifies the ID of the filter to use. The default is FILTER_SANITIZE_STRING.

Example:

Copy code The code is as follows:
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);

echo "You have searched for $search_html.";
echo "Search again.";
?>

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/824815.htmlTechArticleIn this chapter, we take a look at a less commonly used but powerful PHP feature: FILTERS, the Extensions can be used for validation and sanitization when the data source contains unknown...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn