Home arrow PHP arrow Sanitizing Strings with Filters in PHP 5

Sanitizing Strings with Filters in PHP 5

Welcome to the eighth part of a nine-part series on using filters in PHP 5. In this part, I discuss how to use the filter extension for sanitizing strings in all sorts of clever manners. I'll show you how to encode quotes, low and high ASCII characters in literals, and remove them in the same easy manner. Doing this can help prevent SQL injections and XSS attacks when developing PHP applications.

  1. Sanitizing Strings with Filters in PHP 5
  2. Review: the FILTER_VALIDATE_IP filter
  3. Sanitizing strings with the filter library
  4. Sanitizing email addresses, integers and float numbers
By: Alejandro Gervasio
Rating: starstarstarstarstar / 2
September 02, 2009

print this article



In case you haven’t heard about it yet, the filter extension that comes included with PHP 5 is a powerful library that allows you to perform all sorts of clever validation tasks on incoming data, ranging from checking integers and float numbers, Boolean and string values, to accomplishing more complex processes, such as verifying IP and email addresses.

Thus, if you’re a PHP developer who’s looking for an approachable guide that shows you how to work with the most relevant filters that come bundled with this useful extension, then you've come to the right place. In this group of articles you’ll find numerous examples that will show you how to get the most out of this data checking library in a truly effortless manner.

And now that you know the main goal of this article series, it’s time to refresh the topics covered in the last installment. So, as you’ll possibly recall, in that tutorial I discussed the usage of the FILTER_VALIDATE_IP filter for validating IP addresses utilizing both the IPv4 and the IPv6 protocols.

As with other filters that were reviewed in previous articles of this series, the FILTER_VALIDATE_IP filter was used in conjunction with the already familiar “filter_var()” function, to perform the validation process in a pretty straightforward fashion. However, as I stated previously, the filter extension has plenty of room to let developers verify different data types; this includes the ability to sanitize strings in different ways.

For instance, say that you need to strip unwanted HTML tags from data collected through a web form, or even wish to replace certain characters in a literal form by their corresponding HTML entities, as you’ve done probably hundreds of times before when using the “html_special_chars()” PHP native function. Well, the filter extension permits you to perform this kind of string sanitization and many, many others.

Therefore, in this penultimate part of this series, I’m going to explain how to use the extension to “heal” your strings in a snap, without having to code a complex custom function or class methods. So, let’s leave the preliminaries and see how to accomplish these task by means of a few comprehensive examples. Let’s get going!

>>> More PHP Articles          >>> More By Alejandro Gervasio

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates


Dev Shed Tutorial Topics: