Use PHP's filter_var_array() function to filter data entered by multiple users

With the widespread use of Web applications, security issues have attracted more and more attention. One of the important security measures is to filter and verify the data entered by the user. PHP provides a series of filter functions, among which there is a very practical function - filter_var_array(). This function can filter multiple data at the same time and is a very efficient and convenient tool. This article will introduce the usage of this function in detail and provide you with specific code examples.

1. Basic usage of filter_var_array() function

filter_var_array() function is used to filter multiple data. Its basic syntax is as follows:

filter_var_array ( array $data [, mixed $definition [, bool $add_empty = true ]] ) : array

Among them, $data represents the data to be filtered and must be an associative array. $definition represents the filtering rule, which can be an array or a constant. $add_empty indicates whether to include the empty string.

This function returns the filtered data, which is also an associative array.

2. Use the filter_var_array() function to filter the data entered by the user

Now suppose we have a form that contains three input boxes: username, password and email address. We need to filter and verify the data in these three input boxes to ensure that the data is in the correct format before storing it in the database. The following is the code that uses the filter_var_array() function to accomplish this task:

<?php
//从表单中获取数据
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];

//定义过滤规则
$definition = array(
    'username' => FILTER_SANITIZE_STRING,
    'password' => FILTER_SANITIZE_STRING,
    'email'    => FILTER_VALIDATE_EMAIL
);

//使用filter_var_array()函数过滤数据
$data = filter_var_array(array(
    'username' => $username,
    'password' => $password,
    'email'    => $email
), $definition);

//判断用户输入是否合法
if($data['username'] && $data['password'] && $data['email']){
    //存储到数据库中
    //...
}else{
    //提示用户输入不合法
    //...
}
?>

In the above code, three variables $username, $password and $email are first obtained from the form. Then we defined a $definition array, in which the filtering rule for 'username' and 'password' is FILTER_SANITIZE_STRING (removing labels and special characters), and the filtering rule for 'email' is FILTER_VALIDATE_EMAIL (checking whether it is a legal email address).

Next, we pass the three obtained variables and the defined $definition array to the filter_var_array() function, and save the return result in the $data array. Finally, we determine whether the three elements in the $data array are not empty. If they are not empty, the data can be stored in the database. Otherwise, the user will be prompted that the input is illegal.

Through the above code examples, we can see that the filter_var_array() function is efficient and convenient, and can easily filter and verify multiple data.

3. Constants of filter_var_array() function

In the above example we used two filter constants: FILTER_SANITIZE_STRING and FILTER_VALIDATE_EMAIL, these two constants are defined in the filter_var() function , or can be used directly in the filter_var_array() function. However, in addition to these two constants, the filter_var_array() function has many other constants that can be used. The following are some commonly used filter constants:

• FILTER_VALIDATE_BOOLEAN: Check whether it is a Boolean type
• FILTER_VALIDATE_INT: Check whether it is an integer
• FILTER_VALIDATE_FLOAT: Check whether it is a floating point number
• FILTER_VALIDATE_REGEXP: Check whether it matches the specified regular expression
• FILTER_VALIDATE_URL: Check whether it is a URL address
• FILTER_SANITIZE_SPECIAL_CHARS: Escape special characters into HTML entities
• FILTER_SANITIZE_NUMBER_INT : Remove non-numeric characters from a string

4. Summary

In this article, we introduce the usage of PHP's filter_var_array() function in detail and give specific code examples. Through the demonstration of actual cases, readers can clearly understand how to use this function to filter and verify user-entered data to ensure the security of web applications.

The above is the detailed content of Use PHP's filter_var_array() function to filter data entered by multiple users. For more information, please follow other related articles on the PHP Chinese website!