Wednesday, 20 April 2011

An easy way to filter and validate data in PHP

Before PHP 5.2.0, when we had to validate or filter user data, we normally used regular expressions and some PHP functions. Some of those regexes are difficult to understand, so most coders search Google for the correct regex to validate data and also use some PHP functions to filter it.


PHP 5.2.0 provides a new extension named filter that makes these filtering tasks much easier. You can install it on your Linux distro by typing the following in a shell:

    pecl install filter


Before proceeding, first check the filters available on your system:

    echo '<pre>';
    print_r(filter_list());
    echo '</pre>';


Output on my system:

    Array
    (
        [0] => int
        [1] => boolean
        [2] => float
        [3] => validate_regexp
        [4] => validate_url
        [5] => validate_email
        [6] => validate_ip
        [7] => string
        [8] => stripped
        [9] => encoded
        [10] => special_chars
        [11] => unsafe_raw
        [12] => email
        [13] => url
        [14] => number_int
        [15] => number_float
        [16] => magic_quotes
        [17] => callback
    )

filter_list() is a function that returns a list of all supported filters.



Validate Email address


Normally we validate an email address like this:

    $email = "viral.solani@gmail.com";
    // Note: eregi() is deprecated as of PHP 5.3 and removed in PHP 7.
    if (eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
        echo "Valid email address.";
    } else {
        echo "Invalid email address.";
    }


But using PHP’s filter functions you can verify that easily:

    $email = "viral.solani@gmail.com";
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo " $email is valid email address <br />";
    }

    // Invalid address: a comma instead of a dot in the domain
    $email = "viral.solani@gmail,com";
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
        echo " $email is not a valid email address <br />";
    }


Output

    viral.solani@gmail.com is valid email address
    viral.solani@gmail,com is not a valid email address


So using filter_var() and its parameters you can easily validate an email address, URL, IP address and more.

Check this link to learn what types of data you can validate with the filter functions. FILTER_VALIDATE_EMAIL, FILTER_VALIDATE_INT, FILTER_VALIDATE_URL and FILTER_VALIDATE_IP are the most commonly used.



Data Sanitization


Data sanitization is very important. As a coder, never trust user input: a user may submit SQL injection code or JavaScript code, so always validate or sanitize data before use. To sanitize data you can use the same filter functions; you only have to pass a sanitize filter as the second parameter. Some commonly used sanitize filters are:



FILTER_SANITIZE_EMAIL
FILTER_SANITIZE_NUMBER_FLOAT
FILTER_SANITIZE_NUMBER_INT
FILTER_SANITIZE_SPECIAL_CHARS
FILTER_SANITIZE_STRING
FILTER_SANITIZE_URL
FILTER_SANITIZE_ENCODED

You’ll find a detailed list and description here. For example, to get a valid string from user input:

    $userData = array(
        '<b>bold</b>',
        "<script>javascript alert('hi');</script>",
        'P*}i@893746%%%p*.i.*}}|.dw<?php echo "echo works!!";?>'
    );

    // Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    $myinputs = filter_var_array($userData, FILTER_SANITIZE_STRING);

    echo '<pre>';
    print_r($myinputs);
    echo '</pre>';


Output

    Array
    (
        [0] => bold
        [1] => javascript alert('hi');
        [2] => P*}i@893746%%%p*.i.*}}|.dw
    )


filter_var_array() gets multiple variables and optionally filters them. This function is very useful for retrieving many values without repeatedly calling filter_var().
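As an added example (not code from the original post), the sketch below validates several fields at once with filter_var_array() and per-field options, using strict comparisons so that a valid `0` is not mistaken for a failure, and checks the URL scheme separately because FILTER_VALIDATE_URL only checks syntax. The field names, sample values and the validateInput() helper are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Constructed sample input standing in for $_POST (values arrive as strings).
$input = [
    'quantity' => '0',                      // valid integer, but falsy in PHP
    'email'    => 'viral.solani@gmail,com', // the invalid address from the post
    'ip'       => '192.168.1.10',
    'homepage' => 'ftp://example.com/file', // well-formed URL, unwanted scheme
    // 'age' is deliberately missing
];

// One rule per field: a filter id, optionally with options or flags.
$rules = [
    'quantity' => ['filter'  => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 0, 'max_range' => 100]],
    'age'      => ['filter'  => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 13, 'max_range' => 120]],
    'email'    => FILTER_VALIDATE_EMAIL,
    'ip'       => ['filter' => FILTER_VALIDATE_IP, 'flags' => FILTER_FLAG_IPV4],
    'homepage' => FILTER_VALIDATE_URL,
];

function validateInput(array $input, array $rules): array
{
    // Missing keys come back as null, failed validations as false.
    $clean  = filter_var_array($input, $rules);
    $errors = [];
    foreach ($clean as $field => $value) {
        if ($value === null) {
            $errors[$field] = 'missing';
        } elseif ($value === false) {   // strict: int 0 must not count as failure
            $errors[$field] = 'invalid';
        }
    }
    // FILTER_VALIDATE_URL checks syntax only, so restrict the scheme separately.
    if (!empty($clean['homepage'])) {
        $scheme = strtolower((string) parse_url($clean['homepage'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $errors['homepage'] = 'scheme not allowed';
        }
    }
    return [$clean, $errors];
}

[$clean, $errors] = validateInput($input, $rules);
var_dump($clean['quantity']);  // the filter returns a typed value, not the string
foreach ($errors as $field => $reason) {
    // Escape on output; passing validation does not make a value safe to print.
    echo htmlspecialchars("$field: $reason", ENT_QUOTES, 'UTF-8'), "\n";
}
```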
