Use PHP's filter_input_array() function to filter data entered by multiple single users

In PHP development, it is often necessary to process user input data, and untrustworthy user input data can easily cause various security issues, such as SQL injection, XSS attacks, etc. Therefore, when receiving user input, the data needs to be filtered and verified to ensure that the input data meets the requirements to improve the security of the system.

PHP provides the filter_input_array() function to filter single or multiple user input data. This function can improve the security of input data by using filters to validate and filter a set of input data.

This article will introduce how to use PHP's filter_input_array() function to filter data entered by multiple single users, and provide corresponding code examples.

1. filter_input_array() function

The filter_input_array() function is used to verify and filter multiple input data. The definition of this function is as follows:

filter_input_array ( int $type [, mixed $definition [, bool $add_empty = true ]] ) : mixed

This function needs to pass in three parameters:

Parameter 1: type, indicating the data type that needs to be filtered, which can be INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_SERVER, etc., the specific meanings are as follows:

• INPUT_GET: Get variables from $_GET;
• INPUT_POST: Get variables from $_POST;
• INPUT_COOKIE: Get variables from $_COOKIE;
• INPUT_SERVER: Get variables from $_SERVER;
• INPUT_ENV: Get variables from $_ENV;
• INPUT_REQUEST: Get variables from $_REQUEST.

Parameter 2: definition, which represents the definition rules of the input data. It can be defined using a set of rule arrays. The specific format is as follows:

array(
    '变量名' => array(
        'filter'   => 指定的验证器,
        'flags'    => 可选的标记,
        'options'  => 可选的选项,
        'name'     => 为变量指定一个替代名称,
    ),
    '变量名2' => array(
        'filter'   => 指定的验证器2,
        'flags'    => 可选的标记,
        'options'  => 可选的选项,
        'name'     => 为变量指定一个替代名称2,
    ),
    //...
);

where, filter represents the specified validator, which can be a built-in validator such as FILTER_VALIDATE_EMAIL, FILTER_VALIDATE_INT, etc., or a custom validator, flags represents an optional tag, options represents optional options, and name represents an alternative name for the variable.

Parameter 3: add_empty, indicating whether to filter and verify empty values.

The return value of this function is the filtered data. If an error occurs, it returns false.

2. Use the filter_input_array() function to filter data entered by multiple single users

Below we give an example of using the filter_input_array() function to filter data entered by multiple single users. Suppose we want to validate and filter a form data containing username, email address and age to meet the following requirements:

• Username can only contain letters and numbers, and be 6 to 12 characters long
• The email must be in a legal email format
• The age must be a number and between 18 and 100

The sample code is as follows:

<?php
    $definitions = array(
        'username' => array(
            'filter'   => FILTER_VALIDATE_REGEXP,
            'options'  => array('regexp' => '/^[a-z0-9_-]{6,12}$/i'),
            'name'     => '用户名',
        ),
        'email' => array(
            'filter'   => FILTER_VALIDATE_EMAIL,
            'name'     => '邮箱',
        ),
        'age' => array(
            'filter'   => FILTER_VALIDATE_INT,
            'options'  => array('min_range' => 18, 'max_range' => 100),
            'name'     => '年龄',
        ),
    );

    $input_data = filter_input_array(INPUT_POST, $definitions);

    if (!$input_data) {
        echo '发生了一个错误。';
    } else {
        if (in_array(null, $input_data, true) || in_array(false, $input_data, true)) {
            echo '输入数据不正确。';
        } else {
            echo '输入数据正确。';
        }
    }
?>

where , we define an array containing 3 input data, and then verify and filter these input data through the filter_input_array() function. In the above example, we use some built-in validators FILTER_VALIDATE_REGEXP, FILTER_VALIDATE_EMAIL and FILTER_VALIDATE_INT, which are used to verify whether the input data conforms to the regular expression. , whether it conforms to the email format and whether it is an integer. Additionally, some options are used, such as min_range, max_range, to allow the minimum and maximum values ​​of the input data. Finally, use the if statement to determine whether the input data is legal.

3. Conclusion

Using the filter_input_array() function can easily verify and filter data entered by multiple single users, and improve data security. When using this function, you need to define rules, validators, options, etc. for input data to ensure the validity of the input data. Proper use of this function can effectively protect the security of the system and avoid common security vulnerabilities.

The above is the detailed content of Use PHP's filter_input_array() function to filter data entered by multiple single users. For more information, please follow other related articles on the PHP Chinese website!