Cleaning up Array Elements, POST and GET Requests with Filters in PHP 5

Review: the FILTER_SANITIZE_STRING filter - PHP

Welcome to the final episode of a series that shows you how to use filters in PHP 5. Made up of nine parts, these articles show you how to utilize the numerous checking filters that come with the filter library. You can use them to thoroughly validate the incoming data handled by your PHP programs, without having to spend a long time coding custom functions or class methods.

TABLE OF CONTENTS:
  1. Cleaning up Array Elements, POST and GET Requests with Filters in PHP 5
  2. Review: the FILTER_SANITIZE_STRING filter
  3. Sanitizing strings from GET and Post requests, cookies and sessions
  4. Using callback functions and building arrays of filters
By: Alejandro Gervasio
September 09, 2009


Just in case you haven't read the previous article of this series, where I demonstrated how to use the filter extension for sanitizing different types of strings, I've reintroduced below the code samples developed in that article. This way, you can quickly learn how to perform this task with minimal hassle.

That being said, here's how the aforementioned examples were created originally:

<?php

// example on sanitizing strings in a basic way
$string = "<script>alert('hello');</script>";
echo filter_var($string, FILTER_SANITIZE_STRING); // tags are stripped and quotes are encoded

// example on sanitizing strings using the FILTER_FLAG_NO_ENCODE_QUOTES argument
$string = "<script>alert('hello');</script>";
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); // quotes are not encoded

// example on sanitizing strings using the FILTER_FLAG_STRIP_LOW argument
$string = '<script>#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); // strips low characters (ASCII value below 32)

// example on sanitizing strings using the FILTER_FLAG_STRIP_HIGH argument
$string = '<script>This is a string#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // strips high characters (ASCII value above 127)

// example on sanitizing strings using the FILTER_FLAG_ENCODE_LOW argument
$string = '<script>This is a string#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW); // encodes low characters (ASCII value below 32)

// example on sanitizing strings using the FILTER_FLAG_ENCODE_HIGH argument
$string = '<script>This is a string#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH); // encodes high characters (ASCII value above 127)

// example sanitizing an email address using the FILTER_SANITIZE_EMAIL filter
$email = 'alejandro(&)gervasio@domain.com';
echo filter_var($email, FILTER_SANITIZE_EMAIL); // removes characters not allowed in an email address (here, the parentheses)

// example sanitizing a URL using the FILTER_SANITIZE_URL filter
$url = 'http://www.devshed.c!m';
echo filter_var($url, FILTER_SANITIZE_URL); // removes characters not allowed in a URL ("!" is allowed, so this value comes back unchanged)

// example sanitizing an integer using the FILTER_SANITIZE_NUMBER_INT filter
$value = '12abc345@';
echo filter_var($value, FILTER_SANITIZE_NUMBER_INT); // keeps only digits and the + and - signs

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter
$value = '12.abc345@';
echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT); // without FILTER_FLAG_ALLOW_FRACTION the decimal point is removed too, leaving only digits

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter and the FILTER_FLAG_ALLOW_FRACTION argument
$value = '12.abc345@';
echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); // sanitizes a float number, keeping the decimal point

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter and the FILTER_FLAG_ALLOW_THOUSAND
$value = '12.,abc345@';
echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND); // sanitizes a float number, keeping the thousand separator (,)

// example sanitizing magic quotes using the FILTER_SANITIZE_MAGIC_QUOTES filter
$value = "I'm Alejandro Gervasio";
echo filter_var($value, FILTER_SANITIZE_MAGIC_QUOTES); // escapes quotes with a backslash, as addslashes() does

As you no doubt realized when examining the above code samples, it's extremely simple to sanitize distinct kinds of data by using the FILTER_SANITIZE_STRING filter and its companion sanitizing filters in conjunction with several constants, which are passed to the familiar filter_var() function. In doing so, it's possible to remove unwanted characters from email addresses and numeric values, as well as encode quotes, to cite just a few illustrative examples that can be recreated in real-world environments.
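The samples above only strip characters, which does not prove that the result is well formed. The following added example (not part of the original article) runs each sanitizing filter and then its matching validation filter over the article's sample values; the helper `sanitize_then_validate()` and its accept/reject policy are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example, not from the original article. Sample values are the
// article's own; the helper name and the accept/reject policy are assumptions.

/**
 * Run a sanitizing filter, then the matching validation filter, and report
 * whether sanitizing altered the input and whether the result is well formed.
 */
function sanitize_then_validate(string $raw, int $sanitizer, int $validator, int $sanitizeFlags = 0): array
{
    $clean = filter_var($raw, $sanitizer, $sanitizeFlags);
    // Validation filters return false on failure, so compare strictly:
    // a valid integer 0 or float 0.0 must not be mistaken for a failure.
    $valid = $clean !== false && filter_var($clean, $validator) !== false;

    return [
        'raw'     => $raw,
        'clean'   => $clean,
        'changed' => $clean !== $raw,
        'valid'   => $valid,
        // Policy chosen for this example: accept only input that was already
        // clean and valid, instead of storing a silently rewritten value.
        'accept'  => $valid && $clean === $raw,
    ];
}

$cases = [
    ['alejandro(&)gervasio@domain.com', FILTER_SANITIZE_EMAIL, FILTER_VALIDATE_EMAIL, 0],
    ['http://www.devshed.c!m', FILTER_SANITIZE_URL, FILTER_VALIDATE_URL, 0],
    ['12abc345@', FILTER_SANITIZE_NUMBER_INT, FILTER_VALIDATE_INT, 0],
    ['12.abc345@', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_VALIDATE_FLOAT, FILTER_FLAG_ALLOW_FRACTION],
];

foreach ($cases as [$raw, $sanitizer, $validator, $flags]) {
    $r = sanitize_then_validate($raw, $sanitizer, $validator, $flags);
    printf(
        "%-34s -> %-32s changed=%s valid=%s accept=%s\n",
        $r['raw'],
        var_export($r['clean'], true),
        var_export($r['changed'], true),
        var_export($r['valid'], true),
        var_export($r['accept'], true)
    );
}

// Free text shown in a page is escaped at output time rather than stripped.
$comment = "<script>alert('hello');</script>";
echo htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
```

FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 and FILTER_SANITIZE_MAGIC_QUOTES was removed in PHP 8.0, so on current PHP versions free text is handled with output escaping as in the last two lines.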

Now that you have hopefully recalled the basic concepts that surround the implementation of the FILTER_SANITIZE_STRING filter for sanitizing strings in all sorts of clever ways, it's time to explore a few more features provided by the filter extension, which can also be helpful for cleaning up literals.

With this idea in mind, in the course of the following section I'm going to explain how to use the FILTER_SANITIZE_STRING filter for cleaning up data coming from GET and POST HTTP requests and from cookies as well.

If you wish to learn the full details of this topic, click on the link that appears below and read the upcoming segment.



 
 