In case you haven't read the previous article of this series, where I demonstrated how to use the filter extension to sanitize different types of strings, I have reproduced below the code samples developed in that article. This way you can quickly recall how the task is performed. That being said, here's how the aforementioned examples were originally written:
// example on sanitizing strings in a basic way
// (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1)
$string = '<script>alert("hello");</script>';
echo filter_var($string, FILTER_SANITIZE_STRING); // tags are stripped, quotes are encoded

// example on sanitizing strings using the FILTER_FLAG_NO_ENCODE_QUOTES argument
$string = '<script>alert("hello");</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); // quotes are not encoded

// example on sanitizing strings using the FILTER_FLAG_STRIP_LOW argument
$string = '<script>#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); // strips low characters (ASCII < 32)

// example on sanitizing strings using the FILTER_FLAG_STRIP_HIGH argument
$string = '<script>This is a string#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // strips high characters (ASCII > 127)

// example on sanitizing strings using the FILTER_FLAG_ENCODE_LOW argument
$string = '<script>This is a string#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW); // encodes low characters

// example on sanitizing strings using the FILTER_FLAG_ENCODE_HIGH argument
$string = '<script>This is a string#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH); // encodes high characters

// example sanitizing an email address using the FILTER_SANITIZE_EMAIL filter
$email = 'alejandro(&)gervasio@domain.com';
echo filter_var($email, FILTER_SANITIZE_EMAIL); // removes characters not allowed in an email address

// example sanitizing a URL using the FILTER_SANITIZE_URL filter
$url = 'http://www.devshed.c!m';
echo filter_var($url, FILTER_SANITIZE_URL); // removes characters not allowed in a URL

// example sanitizing an integer using the FILTER_SANITIZE_NUMBER_INT filter
$value = '12abc345@';
echo filter_var($value, FILTER_SANITIZE_NUMBER_INT); // keeps only digits and the plus and minus signs

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter
$value = '12.abc345@';
echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT); // the decimal point is removed too, leaving an integer-looking string

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter and the FILTER_FLAG_ALLOW_FRACTION argument
$value = '12.abc345@';
echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); // the decimal point is kept

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter and the FILTER_FLAG_ALLOW_THOUSAND argument
$value = '12.,abc345@';
echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND); // the thousands separator is kept, the decimal point is removed

// example sanitizing magic quotes using the FILTER_SANITIZE_MAGIC_QUOTES filter
// (removed in PHP 8.0; it applies addslashes() to the value)
$value = "I'm Alejandro Gervasio";
echo filter_var($value, FILTER_SANITIZE_MAGIC_QUOTES);

As you no doubt noticed when examining the sample code above, it's very simple to sanitize different kinds of data by using the FILTER_SANITIZE_STRING filter and its sibling FILTER_SANITIZE_* filters together with a few flag constants, all of which are passed to the familiar "filter_var()" function. In this way it's possible to remove unwanted characters from email addresses and numeric values, and to encode quotes, to cite just a few examples that can be reproduced in real-world environments. Now that you have hopefully recalled the basic concepts behind using the FILTER_SANITIZE_STRING filter to sanitize strings, it's time to explore a few more features of the filter extension that are also helpful for cleaning up literals. With that in mind, in the following section I'm going to explain how to use the FILTER_SANITIZE_STRING filter to clean up data coming from GET and POST HTTP requests, and from cookies as well. If you wish to learn the full details of this topic, click the link below and read the upcoming segment.
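The same filters combined into one table-driven routine, as an added example that is not part of the original article: the field names, rule table, sanitizeForm() function and the sample form array are all my own constructions, and the code assumes PHP 7.x or 8.0 (FILTER_SANITIZE_STRING is deprecated from 8.1).

```php
<?php
// Added example, not from the original article: a table-driven sanitizer that
// applies the filters shown above to a constructed, hostile-looking form array.
// Assumes PHP 7.x/8.0 (FILTER_SANITIZE_STRING is deprecated from PHP 8.1).
declare(strict_types=1);

/**
 * Sanitize each known field with the filter and flags that suit its type.
 * Unknown fields are dropped; missing fields become an empty string.
 */
function sanitizeForm(array $input): array
{
    // field => [filter constant, flag bitmask]
    $rules = [
        'comment' => [FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES],
        'email'   => [FILTER_SANITIZE_EMAIL, 0],
        'website' => [FILTER_SANITIZE_URL, 0],
        'qty'     => [FILTER_SANITIZE_NUMBER_INT, 0],
        'price'   => [FILTER_SANITIZE_NUMBER_FLOAT,
                      FILTER_FLAG_ALLOW_FRACTION | FILTER_FLAG_ALLOW_THOUSAND],
    ];
    $clean = [];
    foreach ($rules as $field => [$filter, $flags]) {
        $value = (string) ($input[$field] ?? '');
        $clean[$field] = filter_var($value, $filter, ['flags' => $flags]);
    }
    return $clean;
}

// Constructed sample resembling a tampered POST body (not real data)
$sample = [
    'comment' => "<script>alert('hi');</script>Nice post",
    'email'   => 'alejandro(&)gervasio@domain.com',
    'website' => 'http://www.devshed.c!m',
    'qty'     => '12abc345@',
    'price'   => '1,234.56abc',
];

$clean = sanitizeForm($sample);

// Sanitizing only removes characters; it does not prove the value is valid,
// so validate separately before trusting it.
$emailOk = filter_var($clean['email'], FILTER_VALIDATE_EMAIL) !== false;

// Whatever was sanitized on input, encode for the HTML context at output time.
foreach ($clean as $field => $value) {
    printf("%s: %s\n", $field, htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}
printf("email valid: %s\n", $emailOk ? 'yes' : 'no');
```

Run it with `php sanitize_form.php` (any file name will do); the sanitize step strips the script tags and stray characters, while the separate validate and output-encoding steps show that sanitizing alone neither proves a value valid nor makes it safe to print.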