PHP filters are used to validate and filter data coming from insecure sources,
such as user input. Testing, validating and filtering user input or other custom
data is an important part of any web application, and the PHP filter extension
is designed to make that work easier and quicker. It provides many of the
functions needed to check the common kinds of user input, so that filtering is
done locally through one standard method. You should always filter all external
data.
External data includes input data from a form, cookie data, server variables,
web service data, database query results and so on.
There are three types of filters used in PHP, defined as follows.
1. Validate Filters
2. Sanitize Filters
3. Other Filters
Validate Filters:
Validate filters are used to validate user input values such as integers,
Booleans, floats, IP addresses, email addresses, URLs etc. A validate filter
follows a strict format rule (for example the format of an email address or a
URL) and returns false when the input does not match it.
Let's look at an example of how to use a validate filter ID in PHP.
Example:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title></title>
</head>
<body>
<?php
$val = 12.0;
// filter_var() returns the filtered value on success and false on failure.
// Compare against false explicitly: a valid value such as 0 is also falsy,
// so a bare if (filter_var(...)) would report it as invalid.
if (filter_var($val, FILTER_VALIDATE_INT) !== false)
{
    print ("valid int ");
}
else
{
    print ("Invalid int");
}
?>
</body>
</html>
Output:

In the same manner we can use all the validate filter IDs, such as
FILTER_VALIDATE_INT, FILTER_VALIDATE_EMAIL, FILTER_VALIDATE_FLOAT etc.
Sanitize Filter:
Sanitize filters are used to allow or disallow specified characters in a
string. A sanitize filter has no format rule; it always returns a string value.
Let's look at an example of how to use a sanitize filter in PHP.
Example:
Here we have 'SanitizeFilterPage.php', which contains a form with a 'Submit'
button that submits the form to the server.
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title></title>
</head>
<body>
<form id="frmBody" method="get" action="SanitizeFilter.php">
<table>
<tr>
<td>TO:</td>
<td><input type="text" id="txtEmailTo" name="emailTo" value=""></td>
</tr>
<tr>
<td>From:</td>
<td><input type="text" id="txtEmailFrom" name="emailFrom" value=""></td>
</tr>
<tr>
<td>Subject:</td>
<td><input type="text" id="txtSubject" name="emailSubject" value=""></td>
</tr>
<tr>
<td>Message Body:</td>
<td><textarea id="txtaraeMsgBody" name="areaMsgBody"></textarea></td>
</tr>
<tr>
<td></td>
<td><input type="submit" id="btnsubmit" name="btnSubmitEmail" value="Submit"></td>
</tr>
</table>
</form>
</body>
</html>

When we click the 'Submit' button, the form is submitted to the server with the
GET method, and we can then filter the submitted value on the
'SanitizeFilter.php' page.
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title></title>
</head>
<body>
<?php
// filter_has_var() checks whether the variable is present in the request.
if (!filter_has_var(INPUT_GET, "emailTo"))
{
    echo 'url does not exist';
}
else
{
    // FILTER_SANITIZE_URL removes every character that may not appear in a URL.
    $url = filter_input(INPUT_GET, "emailTo", FILTER_SANITIZE_URL);
    // The sanitized value is still user input and may contain <, > or quotes,
    // so escape it before echoing it into the HTML page.
    echo htmlspecialchars($url, ENT_QUOTES);
}
?>
</body>
</html>

Here, we are filtering the value submitted under the name 'emailTo' as a URL.
Other Filters:
'FILTER_CALLBACK' is used to filter data by calling a user-defined function.
This filter gives us full control over how the data is filtered.
Let's look at an example of how to use FILTER_CALLBACK in PHP with a
user-defined function.
Example:
<?php
// User-defined function to filter the user input data.
function MyCallbackFunction($name)
{
    return str_replace(" ", " _ ", $name);
}
$name = "My name is Arun singh !";
echo filter_var($name, FILTER_CALLBACK, array("options" => "MyCallbackFunction"));
?>
Output:
Here every blank space (‘ ’) is replaced by ‘ _ ’.

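As an added example that is not part of the original tutorial, the following handler applies all three filter kinds (validate, callback and a plain-string filter) to the fields of the email form defined above in one pass. The field names come from the form; normalizeSubject(), readEmailForm() and the constructed sample input are assumptions of this example.

```php
<?php
// Added example, not from the original tutorial: one handler for the email
// form on SanitizeFilterPage.php that combines the three filter kinds.
// Field names match the form; normalizeSubject() and the checks are assumptions.
declare(strict_types=1);
// FILTER_CALLBACK target: collapse runs of whitespace in the subject line.
function normalizeSubject(string $subject): string
{
    return trim(preg_replace('/\s+/', ' ', $subject));
}
function readEmailForm(array $source): array
{
    $spec = [
        // Validate filters: strict format rule, false when it is not met. A line
        // break inside the address fails, keeping injected lines out of mail headers.
        'emailTo'      => FILTER_VALIDATE_EMAIL,
        'emailFrom'    => FILTER_VALIDATE_EMAIL,
        // Other filter: the user-defined function decides the subject format.
        'emailSubject' => ['filter' => FILTER_CALLBACK, 'options' => 'normalizeSubject'],
        // Body stays a plain string; it is escaped where it is printed, below.
        'areaMsgBody'  => FILTER_UNSAFE_RAW,
    ];
    // filter_var_array() takes any array, so this runs offline; on the real
    // request filter_input_array(INPUT_GET, $spec) behaves the same way.
    $data = filter_var_array($source, $spec);
    $errors = [];
    foreach (['emailTo', 'emailFrom'] as $field) {
        // null = field not submitted, false = submitted but invalid. A bare
        // `if (filter_var(...))` test cannot tell false from a valid "0".
        if ($data[$field] === null) {
            $errors[] = "$field is missing";
        } elseif ($data[$field] === false) {
            $errors[] = "$field is not a valid email address";
        }
    }
    return ['data' => $data, 'errors' => $errors];
}

// Constructed sample input standing in for $_GET on SanitizeFilter.php.
$sample = [
    'emailTo'      => "someone@example.com\nsecond line", // rejected
    'emailSubject' => "  Hello    world  ",                // becomes "Hello world"
    'areaMsgBody'  => 'Message <b>body</b>',               // emailFrom is absent
];
$result = readEmailForm($sample);
// Filtered values are still untrusted for HTML output, so escape them here.
foreach ($result['errors'] as $error) {
    echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
echo htmlspecialchars($result['data']['areaMsgBody'] ?? '', ENT_QUOTES, 'UTF-8');
```

With the sample input, readEmailForm() reports that emailTo is invalid and emailFrom is missing, while the message body is printed with its HTML tags escaped.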