Review: the FILTER_VALIDATE_IP filter - PHPWelcome to the eighth part of a nine-part series on using filters in PHP 5. In this part, I discuss how to use the filter extension for sanitizing strings in all sorts of clever manners. I'll show you how to encode quotes, low and high ASCII characters in literals, and remove them in the same easy manner. Doing this can help prevent SQL injections and XSS attacks when developing PHP applications.
print this article SEARCH DEV SHED |
I know that you're curious about the functionality provided by the filter PHP 5 extension to sanitize strings. Before I proceed to discuss that particular topic, though, I’d like to reintroduce the examples built in the previous article. They demonstrated how to work with the FILTER_VALIDATE_IP filter to validate several ranges and types of IP addresses. Given that, here’s how these examples looked originally. Here they are: (example on validating IP address using the FILTER_FLAG_IPV4 argument)
$ip = '192.168.37'; if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE) // displays IP is not valid { echo 'IP is not valid.'; } else { echo 'IP is valid.'; }
(example on validating IP address using the FILTER_FLAG_IPV6 argument)
$ip = '2001:0cb8:25a3:04c1:1324:8a2b:0471:8221'; if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === FALSE) // displays IP is valid { echo 'IP is not valid.'; } else { echo 'IP is valid.'; }
(example on validating IP address using the FILTER_FLAG_NO_PRIV_RANGE argument)
$ip = '192.168.37.1'; if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) === FALSE) // displays IP is not valid { echo 'IP is not valid.'; } else { echo 'IP is valid.'; }
(example on validating IP address using the FILTER_FLAG_NO_RES_RANGE argument) $ip = '255.255.255.255'; if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) === FALSE) // displays IP is not valid { echo 'IP is not valid.'; } else { echo 'IP is valid.'; } As shown previously, the above group of code snippets represent different cases where the FILTER_VALIDATE_IP filter is utilized along with the “filter_var()” function to validate several IP addresses. More specifically speaking, the first two examples show how to work with the filter to check IP addresses that stick to the IPv4 and IPv6 protocols respectively, while the remaining ones demonstrate how simple it is to determine if a given IP belongs to a reserved and private range. That was quite easy to grasp, right? Well, now that you hopefully recalled how to utilize the filter extension to validate distinct types of IP addresses, it’s time to explore some additional filters. Thus, as I stated in the beginning of this article, in the next few lines I’m going to discuss the utilization of a brand new PHP constant called FILTER_SANITIZE_STRING. As its name implies, it comes in handy for sanitizing strings in all sorts of smart ways. This topic will be treated in depth in the course of the section to come. So, to learn more on it, please click on the link that appears below and keep reading.
blog comments powered by Disqus |
|
|
|
|
|
|
|
/ 2 
