
Sanitizing strings with the filter library - PHP

Welcome to the eighth part of a nine-part series on using filters in PHP 5. In this part, I discuss how to use the filter extension for sanitizing strings in all sorts of clever manners. I'll show you how to encode quotes, low and high ASCII characters in literals, and remove them in the same easy manner. Doing this can help prevent SQL injections and XSS attacks when developing PHP applications.

TABLE OF CONTENTS:
  1. Sanitizing Strings with Filters in PHP 5
  2. Review: the FILTER_VALIDATE_IP filter
  3. Sanitizing strings with the filter library
  4. Sanitizing email addresses, integers and float numbers
By: Alejandro Gervasio
September 02, 2009


In reality, one of the most robust filters included with the filter library is the one responsible for sanitizing strings, since it's capable of doing this in several ways. To understand more clearly how this filter works with its numerous optional arguments, below I coded a few basic examples that show it in action in diverse cases. Take a look at them:

<?php
// example on sanitizing strings in a basic way
// (the literal is double-quoted so that the single quotes inside it are valid PHP)
$string = "<script>alert('hello');</script>";
echo filter_var($string, FILTER_SANITIZE_STRING); // tags are stripped and the quotes are encoded

// example on sanitizing strings using the FILTER_FLAG_NO_ENCODE_QUOTES argument
$string = "<script>alert('hello');</script>";
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); // tags are stripped, quotes are not encoded

// example on sanitizing strings using the FILTER_FLAG_STRIP_LOW argument
$string = '<script>#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); // strips low characters (ASCII value below 32); this sample contains none, so only the tags are removed

// example on sanitizing strings using the FILTER_FLAG_STRIP_HIGH argument
$string = '<script>This is a string#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // strips high characters (ASCII value above 127); this sample contains none, so only the tags are removed

As shown above, the FILTER_SANITIZE_STRING filter has the ability to clean up strings in many different fashions. Speaking more specifically, the first case will encode the single quotes included within the sample literal, while the second example will behave the opposite way -- that is, it won't encode the quotes, since the FILTER_FLAG_NO_ENCODE_QUOTES flag has been passed to the "filter_var()" function.

Finally, the last two code snippets show how to use the filter for removing low and high ASCII characters from the supplied string, according to the flag specified in each case. In addition, here are a few more examples that demonstrate the complementary approach: encoding, rather than removing, the low and high ASCII characters included within a string:

<?php
// example on sanitizing strings using the FILTER_FLAG_ENCODE_LOW argument
$string = '<script>This is a string#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW); // encodes low characters (ASCII value below 32) as numeric entities; this sample contains none

// example on sanitizing strings using the FILTER_FLAG_ENCODE_HIGH argument
$string = '<script>This is a string#$%^&!*</script>';
echo filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH); // encodes high characters (ASCII value above 127) as numeric entities; this sample contains none
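To make the six flags directly comparable, here is an added example that is not code from the original article. It runs one constructed input through FILTER_SANITIZE_STRING with each flag and prints the results side by side. It assumes PHP 7 or later with the filter extension (note that FILTER_SANITIZE_STRING is deprecated as of PHP 8.1). The sample string contains a tab (a "low" byte) and the byte 0xE9 (a "high" byte) so that the strip and encode flags have something to act on; the article's own samples consist only of printable ASCII, which is why those flags leave them unchanged apart from the tag stripping the filter always performs. The helper names sanitize_variants, show_bytes and escape_for_html are this example's own.

```php
<?php
// Added example, not code from the original article. Assumes PHP 7+ with the
// filter extension (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1).
declare(strict_types=1);

/**
 * Run one input through FILTER_SANITIZE_STRING with every flag discussed in
 * the article and return the results keyed by a short label, so the effect
 * of each flag can be compared side by side.
 */
function sanitize_variants(string $input): array
{
    $flags = array(
        'default'          => 0,
        'no_encode_quotes' => FILTER_FLAG_NO_ENCODE_QUOTES,
        'strip_low'        => FILTER_FLAG_STRIP_LOW,
        'strip_high'       => FILTER_FLAG_STRIP_HIGH,
        'encode_low'       => FILTER_FLAG_ENCODE_LOW,
        'encode_high'      => FILTER_FLAG_ENCODE_HIGH,
    );
    $results = array();
    foreach ($flags as $label => $flag) {
        $results[$label] = filter_var($input, FILTER_SANITIZE_STRING, $flag);
    }
    return $results;
}

/**
 * Make control bytes and bytes above 0x7F visible (as \t, \351, ...) so that
 * "stripped" versus "encoded" can actually be seen in the printed output.
 */
function show_bytes(string $s): string
{
    return addcslashes($s, "\0..\37\177..\377");
}

/**
 * Output-side escaping for an HTML text context. FILTER_SANITIZE_STRING
 * strips tags on the way in, but a value that is later placed into HTML
 * still needs context-appropriate escaping at the point of output.
 * ENT_SUBSTITUTE replaces the invalid UTF-8 byte in the sample with U+FFFD
 * instead of making htmlspecialchars() return an empty string.
 */
function escape_for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: a tag, both quote styles, a tab (ASCII 9, a "low" byte)
// and byte 0xE9 (a "high" byte). The article's own samples contain neither
// low nor high bytes, so STRIP_LOW/STRIP_HIGH change nothing there.
$sample = "<script>alert('x');</script> say \"hi\"\tcaf\xE9";

foreach (sanitize_variants($sample) as $label => $result) {
    printf("%-17s %s\n", $label . ':', show_bytes($result));
}

// The same value escaped for output into an HTML text node, for contrast.
printf("%-17s %s\n", 'html_escaped:', escape_for_html($sample));
```

Run it with `php` from the command line. In the default row the tags are gone and both kinds of quotes appear as numeric entities; the no_encode_quotes row keeps the quotes literal; the strip_low row loses the `\t` and the strip_high row loses the `\351`, while the encode rows turn those same bytes into numeric character references instead. The final row is the reminder that input sanitizing and output escaping are separate steps: the filter decides what is stored, htmlspecialchars() decides how it is rendered.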

So far, nothing unexpected, right? As you saw earlier, the FILTER_SANITIZE_STRING filter can be used in different ways to remove and encode specific characters in a given string. However, the filter library is capable of doing a few more useful things with literals. So, in the last section of this tutorial I'm going to show you how to use it for sanitizing email addresses, as well as float and integer numbers.

Thus, to see how this will be accomplished click on the link below and read the following segment.
