PHP filters are used to validate and sanitize external input.

Validating data means determining whether the data is in the proper form.

Sanitizing data means removing any illegal characters from the data.

The PHP filter extension has many of the functions needed for checking user input, and is designed to make data validation easier and quicker.

The filter_list() function can be used to list what the PHP filter extension offers:

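<table>
  <tr>
    <td>Filter Name</td>
    <td>Filter ID</td>
  </tr>
  <?php
    // filter_list() returns the names of all supported filters;
    // filter_id() maps each name to its numeric ID.
    foreach (filter_list() as $id => $filter) {
      echo '<tr><td>' . $filter . '</td><td>' . filter_id($filter) . '</td></tr>';
    }
  ?>
</table>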

Many web applications receive external input. External input/data can be:

  • User input from a form
  • Cookies
  • Web services data
  • Server variables
  • Database query results

The filter_var() function both validates and sanitizes data.

The filter_var() function filters a single variable with a specified filter. It takes two pieces of data:

  • The variable you want to check
  • The type of check to use

The following example uses the filter_var() function to remove all HTML tags from a string:

<?php
  $str = "<h1>Hello World</h1>";
  // Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
  $newStr = filter_var($str, FILTER_SANITIZE_STRING);
  echo $newStr; // Hello World
?>

The following example uses the filter_var() function to check if the variable $int is an integer:

<?php
  $int = 100;
  // filter_var() returns the integer itself on success and false on failure.
  // Compare strictly with false: a negated check such as
  // !filter_var($int, FILTER_VALIDATE_INT) === false reports the valid
  // integer 0 as "Integer is not valid", because 0 is falsy.
  if (filter_var($int, FILTER_VALIDATE_INT) !== false) {
    echo("Integer is valid");
  } else {
    echo("Integer is not valid");
  }
?>

The following example uses the filter_var() function to check if the variable $ip is a valid IP address:

<?php
  $ip = "127.0.0.1";
  // The value to check is the first argument, the filter is the second.
  if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
    echo("$ip is a valid IP address");
  } else {
    echo("$ip is not a valid IP address");
  }
?>

The following example uses the filter_var() function to first remove all illegal characters from the $email variable, then check if it is a valid email address:

<?php
  $email = "john.doe@example.com";
  // remove all illegal characters from the email
  $email = filter_var($email, FILTER_SANITIZE_EMAIL);
  // validate the e-mail address
  if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    echo("$email is a valid email address");
  } else {
    echo("$email is not a valid email address");
  }
?>

The following example uses the filter_var() function to first remove all illegal characters from a URL, then check if $url is a valid URL:

<?php
  $url = "http://www.w3schools.com";
  // remove all illegal characters from the URL
  $url = filter_var($url, FILTER_SANITIZE_URL);
  // validate the URL
  if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
    echo("$url is a valid URL");
  } else {
    echo("$url is not a valid URL");
  }
?>

The following example uses the filter_var() function to check if a variable is both of type INT and between 1 and 200:

<?php
  $int = 122;
  $min = 1;
  $max = 200;
  $options = array("options" => array("min_range" => $min, "max_range" => $max));
  if (filter_var($int, FILTER_VALIDATE_INT, $options) === false) {
    echo("Variable value is not within the legal range");
  } else {
    echo("Variable value is within the legal range");
  }
?>

The following example uses the filter_var() function to check if the variable $ip is a valid IPv6 address:

<?php
  $ip = "2001:0db8:85a3:08d3:1319:8a2e:0370:7334";
  if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
    echo("$ip is a valid IPv6 address");
  } else {
    echo("$ip is not a valid IPv6 address");
  }
?>

The following example uses the filter_var() function to check if the variable $url is a URL with a query string:

<?php
  // This URL has no query string, so it fails FILTER_FLAG_QUERY_REQUIRED.
  $url = "http://www.w3schools.com";
  if (filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED) !== false) {
    echo("$url is a valid URL");
  } else {
    echo("$url is not a valid URL");
  }
?>

The following example uses the filter_var() function to sanitize a string. It will remove both all HTML tags and all characters with ASCII value > 127 from the string:

<?php
  $str = "<h1>Hello WorldØÅ</h1>";
  // FILTER_FLAG_STRIP_HIGH removes characters with ASCII value > 127.
  // Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
  $newStr = filter_var($str, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
  echo $newStr;
?>
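
The checks above can also be applied to a whole request in one pass with filter_var_array(). The following is an added example, not code from the original page; the $request array, its field names and the http/https allow-list are constructed assumptions. It compares results strictly so the integer 0 is accepted, and escapes with htmlspecialchars() at output time rather than relying on FILTER_SANITIZE_STRING, which is deprecated as of PHP 8.1.

```php
<?php
// Constructed sample input standing in for $_GET; field names are assumptions.
$request = [
    'page'  => '0',                       // valid integer, but falsy in PHP
    'email' => 'john.doe@example.com',
    'ip'    => '2001:db8::1',
    'site'  => 'ssh://example.com/repo',  // well-formed URL, unexpected scheme
    'name'  => '<h1>Hello World</h1>',
];

// One rule per expected field; keys that are not listed are dropped.
$rules = [
    'page'  => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 0, 'max_range' => 200],
    ],
    'email' => FILTER_VALIDATE_EMAIL,
    'ip'    => ['filter' => FILTER_VALIDATE_IP, 'flags' => FILTER_FLAG_IPV6],
    'site'  => FILTER_VALIDATE_URL,
    'name'  => FILTER_UNSAFE_RAW,         // kept unchanged, escaped on output
    'token' => FILTER_UNSAFE_RAW,         // not present in $request
];

// Result per field: the filtered value, false if invalid, null if missing.
$clean = filter_var_array($request, $rules);

// Strict comparisons keep the valid integer 0 apart from false and null.
$errors = [];
foreach ($clean as $field => $value) {
    if ($value === null) {
        $errors[$field] = 'missing';
    } elseif ($value === false) {
        $errors[$field] = 'invalid';
    }
}

// FILTER_VALIDATE_URL checks syntax only, so the scheme is checked separately.
if (is_string($clean['site'])) {
    $scheme = strtolower((string) parse_url($clean['site'], PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $errors['site'] = 'scheme not allowed';
    }
}

var_dump($clean['page']);
print_r($errors);

// Escape for the HTML context at output time instead of stripping on input.
echo htmlspecialchars((string) $clean['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
```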
