PHP Filter
2016-03-01 12:33
741 查看
PHP filters are used to validate and sanitize external input.
Validating data is determine if the data is in proper form.
Sanitizing data is remove any illegal character from the data.
The PHP filter extension has many of the functions needed for checking user input, and is designed to make data validation easier and quicker.
The filter_list() function can be used to list what the PHP filter extension offers
<table>
<tr>
<td>Filter Name</td>
<td>Filter ID</td>
</tr>
<?php
foreach(filter_list() as $id => $filter){
echo '<tr><td>' .$filter .'</td><td>' .filter_id($filter) . '</td></tr>';
}
?>
</table>
Many web application recieve external input.External input/data can be:
User input from a form
Cookies
Web Services data
Server variables
Database query results
The filter_var() function both validate and sanitize data.
The filter_var() function filters a single variable with a specified filter.It takes two pieces of data:
The Variable you want to check
The type of check to use
The following example uses the filter_var() funcion to remove all HTML tags from a string:
<?php
$str = "<h1>Hello World</h1>";
$newStr = filter_var($str, FILTER_SANITIZE_STRING);
echo $newStr; //Hello World
?>
The following example uses the filter_var() function to check if the variable $int is an integer.
<?php
$int = 100;
// if $int was set to 0, the function will return "Integer is not valid"
// filter_var($int, FILTER_VALIDATE_INT) ===0 it will work when you set 0 to $int
if(!filter_var($int, FILTER_VALIDATE_INT) === false){
echo("Integer is valid");
}else{
echo("Integer is not valid");
}
?>
The following example uses the filter_var() function to check if the variable $ip is a valid IP address
<?php
$ip = "127.0.0.1";
if(!filter_var(FILTER_VALIDATE_IP) === false){
echo("$ip is a valid IP address");
}else{
echo("$ip is not a valid IP address");
}
?>
The following example uses the filter_var() function to first remove all illegal characters from the $email variable, then check if it is a valid email address
<?php
$email = "john.doe@example.com";
//remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
// validate e-mail
if(!filter_var($email, FILTER_VALIDATE_EMAIL) === false){
echo("$email is a valid email address");
}else{
echo("$email is not a valid email address");
}
?>
The following example uses the filter_var() function to first remove all illegal characters from a URL, then check if $url is a valid URL
<?php
$url = "http://www.w3schools.com";
//remove all illegal characters from a url
$url = filter_var($url, FILTER_SANITIZE_URL);
// validate url
if(!filter_var($url, FILTET_VALIDATE_URL) === false){
echo("$url is a valid URL");
}else{
echo("$url is not a valid URL");
}
?>
The following example uses the filter_var() function to check if a variable is both of type INT, and between 1 and 200
<?php
$int = 122;
$min = 1;
$max = 200;
if(filter_var($int, FILTER_VALIDATE_INT, array("options" => array("min_range" => $min, "max_range" => $max))) === false){
echo("Variable value is not within the legal range");
}else{
echo("Variable value is within the legal range");
}
?>
The following example uses the filter_var() function to checkt if the variable $ip is a valid IPv6 address:
<?php
$ip = "2001:0db8:85a3:08d3:1319:8a2e:0370:7334";
if(!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false){
echo("$ip is a valid IPv6 address");
}else{
echo("$ip is not a valid IPv6 address");
}
?>
The following example uses the filter_var() function to check if the variable $url is a URL with a querystring:
<?php
$url = "http://www.w3schools.com";
if(!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED) === false){
echo("$url is a valid URL");
}else{
echo($url is not a valid URL);
}
?>
The following example uses the filter_var() function to sanitize a string.It will both remove all HTML tags, and all characters with ASCII value > 127, from the string:
<?php
$str = "<h1>Hello WorldØÅ</h1>";
$newStr = filter_var($str, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
echo $newStr;
?>
Validating data is determine if the data is in proper form.
Sanitizing data is remove any illegal character from the data.
The PHP filter extension has many of the functions needed for checking user input, and is designed to make data validation easier and quicker.
The filter_list() function can be used to list what the PHP filter extension offers
<table>
<tr>
<td>Filter Name</td>
<td>Filter ID</td>
</tr>
<?php
foreach(filter_list() as $id => $filter){
echo '<tr><td>' .$filter .'</td><td>' .filter_id($filter) . '</td></tr>';
}
?>
</table>
Many web application recieve external input.External input/data can be:
User input from a form
Cookies
Web Services data
Server variables
Database query results
The filter_var() function both validate and sanitize data.
The filter_var() function filters a single variable with a specified filter.It takes two pieces of data:
The Variable you want to check
The type of check to use
The following example uses the filter_var() funcion to remove all HTML tags from a string:
<?php
$str = "<h1>Hello World</h1>";
$newStr = filter_var($str, FILTER_SANITIZE_STRING);
echo $newStr; //Hello World
?>
The following example uses the filter_var() function to check if the variable $int is an integer.
<?php
$int = 100;
// if $int was set to 0, the function will return "Integer is not valid"
// filter_var($int, FILTER_VALIDATE_INT) ===0 it will work when you set 0 to $int
if(!filter_var($int, FILTER_VALIDATE_INT) === false){
echo("Integer is valid");
}else{
echo("Integer is not valid");
}
?>
The following example uses the filter_var() function to check if the variable $ip is a valid IP address
<?php
$ip = "127.0.0.1";
if(!filter_var(FILTER_VALIDATE_IP) === false){
echo("$ip is a valid IP address");
}else{
echo("$ip is not a valid IP address");
}
?>
The following example uses the filter_var() function to first remove all illegal characters from the $email variable, then check if it is a valid email address
<?php
$email = "john.doe@example.com";
//remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
// validate e-mail
if(!filter_var($email, FILTER_VALIDATE_EMAIL) === false){
echo("$email is a valid email address");
}else{
echo("$email is not a valid email address");
}
?>
The following example uses the filter_var() function to first remove all illegal characters from a URL, then check if $url is a valid URL
<?php
$url = "http://www.w3schools.com";
//remove all illegal characters from a url
$url = filter_var($url, FILTER_SANITIZE_URL);
// validate url
if(!filter_var($url, FILTET_VALIDATE_URL) === false){
echo("$url is a valid URL");
}else{
echo("$url is not a valid URL");
}
?>
The following example uses the filter_var() function to check if a variable is both of type INT, and between 1 and 200
<?php
$int = 122;
$min = 1;
$max = 200;
if(filter_var($int, FILTER_VALIDATE_INT, array("options" => array("min_range" => $min, "max_range" => $max))) === false){
echo("Variable value is not within the legal range");
}else{
echo("Variable value is within the legal range");
}
?>
The following example uses the filter_var() function to checkt if the variable $ip is a valid IPv6 address:
<?php
$ip = "2001:0db8:85a3:08d3:1319:8a2e:0370:7334";
if(!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false){
echo("$ip is a valid IPv6 address");
}else{
echo("$ip is not a valid IPv6 address");
}
?>
The following example uses the filter_var() function to check if the variable $url is a URL with a querystring:
<?php
$url = "http://www.w3schools.com";
if(!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED) === false){
echo("$url is a valid URL");
}else{
echo($url is not a valid URL);
}
?>
The following example uses the filter_var() function to sanitize a string.It will both remove all HTML tags, and all characters with ASCII value > 127, from the string:
<?php
$str = "<h1>Hello WorldØÅ</h1>";
$newStr = filter_var($str, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
echo $newStr;
?>
相关文章推荐
- PHP里的编译参数--with-config-file-path=/usr/local/php/etc
- php分享二十六:读写日志
- PHP代码优化的方法
- 能正确下载ftp文件,但是文件内容为空大小为0
- php编程每天必学之表单验证
- 关于ContentProvider的批量操作
- PHPExcel使用-使用PHPExcel导入文件
- PHP中字符串替换函数之strtr详解
- PHP学习(一):对PHP的理解
- 编译安装 PHP 7.0.3 亲测全攻略 & 以及如何单独的安装某个模块
- PHP的curl常用的5种写法
- getParameter和getAttribute的区别
- 欢迎使用CSDN-markdown编辑器
- php isset()与empty()的使用
- PHP的命名空间(转)
- PHPExcel使用-使用PHPExcel导出文件
- php 文件操作
- 下载PHP7的地址
- PHP汉字转拼音的两种方法+PHP提取汉字(中文)方法
- Windows下使用Composer安装yii2