
Sanitizing email addresses, integers and float numbers - PHP

Welcome to the eighth part of a nine-part series on using filters in PHP 5. In this part, I discuss how to use the filter extension for sanitizing strings in all sorts of clever manners. I'll show you how to encode quotes, low and high ASCII characters in literals, and remove them in the same easy manner. Doing this can help prevent SQL injections and XSS attacks when developing PHP applications.

TABLE OF CONTENTS:
  1. Sanitizing Strings with Filters in PHP 5
  2. Review: the FILTER_VALIDATE_IP filter
  3. Sanitizing strings with the filter library
  4. Sanitizing email addresses, integers and float numbers
By: Alejandro Gervasio
September 02, 2009

As I said previously, the FILTER_SANITIZE_STRING filter has the ability to sanitize email addresses and float and integer numbers. So, to help you grasp how these tasks can be performed in a very simple way, please look at the following examples, which are pretty intuitive. Here they are:

// example sanitizing an email address using the FILTER_SANITIZE_EMAIL filter
$email = 'alejandro(&)gervasio@domain.com';
// strips characters not allowed in an email address (here the parentheses; '&' is allowed and stays)
echo filter_var($email, FILTER_SANITIZE_EMAIL), PHP_EOL; // alejandro&gervasio@domain.com

// example sanitizing a URL using the FILTER_SANITIZE_URL filter
$url = 'http://www.devshed.c!m';
// removes characters not allowed in a URL; '!' is an allowed character, so this string comes back unchanged
echo filter_var($url, FILTER_SANITIZE_URL), PHP_EOL;

// example sanitizing an integer using the FILTER_SANITIZE_NUMBER_INT filter
$value = '12abc345@';
// removes everything except digits, '+' and '-'
echo filter_var($value, FILTER_SANITIZE_NUMBER_INT), PHP_EOL; // 12345

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter
$value = '12.abc345@';
// without flags the decimal point is stripped as well; the result is the string "12345", not a float
echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT), PHP_EOL; // 12345

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter and the FILTER_FLAG_ALLOW_FRACTION argument
$value = '12.abc345@';
// keeps the '.' fraction separator
echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION), PHP_EOL; // 12.345

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter and the FILTER_FLAG_ALLOW_THOUSAND
$value = '12.,abc345@';
// keeps the ',' thousand separator; the '.' is still removed
echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND), PHP_EOL; // 12,345

// example sanitizing magic quotes using the FILTER_SANITIZE_MAGIC_QUOTES filter
// (this filter was deprecated in PHP 7.3 and removed in PHP 8.0)
$value = "I'm Alejandro Gervasio";
// applies addslashes() to the string
echo filter_var($value, FILTER_SANITIZE_MAGIC_QUOTES), PHP_EOL; // I\'m Alejandro Gervasio

Undoubtedly, from the code samples shown previously, it's clear to see how simple it is to use the FILTER_SANITIZE_STRING filter to perform different clean-up tasks on email addresses, integers and float numbers. In each particular case a specific argument has been passed to the "filter_var()" function to accomplish a specified sanitization process, including the removal of invalid characters from an email address, float and integer numbers respectively. I'm sure that at this point you've grasped the logic behind using this handy filter.
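Stripping characters does not make a value well-formed or in range, so a sanitized result still needs a validation pass before it is trusted. The following is an added example, not code from the original article: sanitize_then_validate(), the field names and the $input/$rules arrays are hypothetical, and the sample strings are reused from the examples above.

```php
<?php
// Added example (not from the original article). $input is constructed
// sample data; the field names and range limits are assumptions.

/**
 * Sanitize $raw, then validate the sanitized result.
 * Returns ['value' => typed value or null, 'altered' => bool].
 */
function sanitize_then_validate($raw, $sanitize, $validate, $sanitizeFlags = 0, array $options = [])
{
    $clean = filter_var($raw, $sanitize, $sanitizeFlags);
    $value = filter_var($clean, $validate, [
        'options' => $options,
        'flags'   => FILTER_NULL_ON_FAILURE, // null instead of false on failure
    ]);
    return ['value' => $value, 'altered' => $clean !== $raw];
}

$input = [
    'email'    => 'alejandro(&)gervasio@domain.com',
    'quantity' => '12abc345@',
    'price'    => '12.abc345@',
];

// field => [sanitize filter, validate filter, sanitize flags, validate options]
$rules = [
    'email'    => [FILTER_SANITIZE_EMAIL, FILTER_VALIDATE_EMAIL, 0, []],
    'quantity' => [FILTER_SANITIZE_NUMBER_INT, FILTER_VALIDATE_INT, 0, ['min_range' => 1, 'max_range' => 100]],
    'price'    => [FILTER_SANITIZE_NUMBER_FLOAT, FILTER_VALIDATE_FLOAT, FILTER_FLAG_ALLOW_FRACTION, []],
];

foreach ($rules as $field => [$sanitize, $validate, $flags, $options]) {
    $r = sanitize_then_validate($input[$field], $sanitize, $validate, $flags, $options);
    if ($r['value'] === null) {
        $status = 'rejected: sanitized value fails validation';
    } elseif ($r['altered']) {
        $status = 'valid, but sanitizing changed what the user sent';
    } else {
        $status = 'valid and unchanged';
    }
    printf("%-8s %s => %s\n", $field, $status, var_export($r['value'], true));
}
```

A value that passes both steps is still encoded for the context it is used in: bound parameters for SQL and htmlspecialchars() for HTML output.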

With these examples I'm finishing this chapter of the series on sanitizing strings with the PHP 5 filter extension. As usual, feel free to edit all of the code samples developed in this tutorial. This way you can sharpen your existing skills for working with this powerful library. The experience will be instructive, trust me.

Final thoughts

Over the eighth part of this series, I discussed how to take advantage of the functionality provided by the PHP 5 filter extension, this time for sanitizing strings in all sorts of clever manners. As you saw earlier, by using the FILTER_SANITIZE_STRING filter it's possible to encode quotes, low and high ASCII characters in literals, as well as removing them in the same easy manner, which can be extremely useful for preventing SQL injections and XSS attacks when developing PHP applications.

In the last chapter, I'm going to continue reviewing a few more capabilities offered by the filter library for sanitizing strings and using callback functions, thus finishing this round-up on the main features packaged with this powerful PHP extension. So, my little piece of advice here is simple and straight: don't miss the final chapter!



 
 