Using Filter for Data Security Filtering in PHP
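Security is a perennial topic, and no PHP developer can avoid data validation and filtering. Any reasonably experienced PHP developer can write the usual validation routines more or less correctly; the difference lies in how secure the result is. Here I introduce a way to do validation with PHP's Filter extension, which is both simple and efficient.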
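Filter used to be part of a PHP extension (PECL), and an external library had to be loaded to use it; since PHP 5.2 it has been compiled into PHP and needs no loading. The functions filter currently provides are: filter_has_var, filter_id, filter_input_array, filter_input, filter_var_array and filter_var. For reasons of space, only the two most commonly used, filter_var and filter_input, are covered here. filter_var filters the contents of variables inside the page, and filter_input filters the contents of external variables (POST, GET, COOKIE and so on).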
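First, the filter_var function. Its prototype:
mixed filter_var ( mixed $variable [, int $filter [, mixed $options ]] )
$variable: the variable to filter
$filter: the ID constant of the filter type to apply
$options: parameters for the filter type
The one to focus on is $filter. Its values are predefined constants with special meanings: FILTER_VALIDATE_INT validates an integer variable, FILTER_VALIDATE_EMAIL validates an email format, and so on. (The Filter section of the PHP manual has the detailed list of constants for this parameter.)
As for the return value: when validating, the original content is returned on a match and false on a mismatch; when filtering, the filtered content is returned.
Some usage examples follow: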
```php
<?php
// Integer format tests
$var = '12345';
var_dump(filter_var($var, FILTER_VALIDATE_INT));
$var = '12B45';
var_dump(filter_var($var, FILTER_VALIDATE_INT));
// Integer with a range restriction
$var = 300;
$int_options = array("options" => array("min_range" => 0, "max_range" => 256));
var_dump(filter_var($var, FILTER_VALIDATE_INT, $int_options));

// Email format tests
$var = 'linvo@126.com';
var_dump(filter_var($var, FILTER_VALIDATE_EMAIL));
$var = 'linvo@126com';
var_dump(filter_var($var, FILTER_VALIDATE_EMAIL));

// IP format tests
$var = '11.22.33.44';
var_dump(filter_var($var, FILTER_VALIDATE_IP));
$var = '111.222.333.444';
var_dump(filter_var($var, FILTER_VALIDATE_IP));

// URL format tests
$var = 'http://www.linvo2008.cn/blog';
var_dump(filter_var($var, FILTER_VALIDATE_URL));
$var = 'www.linvo2008.cn/blog';
var_dump(filter_var($var, FILTER_VALIDATE_URL));

// Strip hypertext tags (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1)
$var = 'This is a <a href="#">link</a> test!';
var_dump(filter_var($var, FILTER_SANITIZE_STRING));
```
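Run them yourself to see the results. The third parameter, $options, lets you configure the validation type in detail. When validating an IP address, for example, it can set the filtering rule to IPv4 or IPv6:

```php
<?php
// IPv6 format test (abbreviated forms are supported)
$var = '2001:0db8:85a3::1319:8a2e:0370:7344';
var_dump(filter_var($var, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6));
```

See the PHP manual for the other parameters.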
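An added example (not from the original article) of the return-value rule described above: because a failed validation returns false, results must be compared with ===, and FILTER_NULL_ON_FAILURE is needed where false is itself a valid result. The helper names parse_offset, parse_offset_loose and parse_flag and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: helper names and sample inputs are constructed for illustration.

// Validate an integer in the article's 0..256 range; null means "rejected".
function parse_offset(string $raw): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 256],
    ]);
    // Strict comparison: a valid "0" is returned as int 0, which is falsy.
    return $value === false ? null : $value;
}

// Buggy variant kept for comparison: the truthiness test also rejects 0.
function parse_offset_loose(string $raw): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 256],
    ]);
    return $value ? $value : null;
}

// For booleans, false is a legitimate result, so failure has to be signalled
// with null instead, which FILTER_NULL_ON_FAILURE does.
function parse_flag(string $raw): ?bool
{
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}

foreach (['0', '255', '300', '12B45'] as $raw) {
    echo str_pad($raw, 6), ' strict=', var_export(parse_offset($raw), true),
         ' loose=', var_export(parse_offset_loose($raw), true), PHP_EOL;
}
foreach (['on', 'off', 'maybe'] as $raw) {
    echo str_pad($raw, 6), ' flag=', var_export(parse_flag($raw), true), PHP_EOL;
}
```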
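The above filters variables inside the page, but what we want is to validate user input directly, and that data arrives as external variables. This is where the filter_input function comes in:
mixed filter_input ( int $type , string $variable_name [, int $filter [, mixed $options ]] )
As the prototype shows, besides the original three parameters there is a new first parameter, $type. It specifies which array the variable to filter lives in, in the same way that data sent by POST is stored in the $_POST array and data sent by GET is stored in the $_GET array. It is also set with predefined constants: INPUT_POST for post, INPUT_GET for get, and so on. (See the PHP manual for more constants.)
Here is an example as well. It consists of two pages: index.html, the front-end form page, and do.php, the back-end processing page.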
file:index.html
file:do.php
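```php
<?php
// FILTER_SANITIZE_STRING strips tags from the name (deprecated as of PHP 8.1)
$name  = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
$qq    = filter_input(INPUT_POST, 'qq', FILTER_VALIDATE_INT);
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$blog  = filter_input(INPUT_POST, 'blog', FILTER_VALIDATE_URL);

$error = '<em>Error</em>';

echo 'Name:', $name;
// filter_input() returns false when validation fails and null when the field is absent
$msg = ($qq === false || $qq === null) ? $error : $qq;
echo 'QQ:', $msg;
$msg = ($email === false || $email === null) ? $error : $email;
echo 'Email:', $msg;
$msg = ($blog === false || $blog === null) ? $error : $blog;
echo 'Blog:', $msg;
```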
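An added example, not the article's code: the same four fields checked in one call with filter_var_array, telling a missing field (null) apart from an invalid one (false) and HTML-encoding values at output time, since passing a validation filter does not make a value safe to echo into a page. The $post array is constructed sample data standing in for $_POST so the script runs from the command line, and check_form is a hypothetical helper name.

```php
<?php
// Added example. $post is constructed sample input standing in for $_POST;
// in do.php the equivalent call is filter_input_array(INPUT_POST, $spec).
$post = [
    'name'  => '<b>Linvo</b>',
    'qq'    => '12B45',
    'email' => 'linvo@126.com',
    // 'blog' is deliberately missing
];

// One filter per expected field; keys not listed here are dropped.
$spec = [
    'name'  => FILTER_UNSAFE_RAW,      // kept as-is, encoded on output
    'qq'    => FILTER_VALIDATE_INT,
    'email' => FILTER_VALIDATE_EMAIL,
    'blog'  => FILTER_VALIDATE_URL,
];

// check_form() is a hypothetical helper: returns field => display string.
function check_form(array $data, array $spec): array
{
    // Fields absent from $data are added to the result as null.
    $clean = filter_var_array($data, $spec);
    $report = [];
    foreach ($clean as $field => $value) {
        if ($value === null) {
            $report[$field] = 'missing';
        } elseif ($value === false) {
            $report[$field] = 'invalid';
        } else {
            // Validation is not escaping: encode for the HTML context.
            $report[$field] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        }
    }
    return $report;
}

foreach (check_form($post, $spec) as $field => $result) {
    echo $field, ': ', $result, PHP_EOL;
}
```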
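How the index.html page looks (before submitting):
How the do.php page looks (after submitting):
By now you should have a basic grasp of how to use Filter; further uses are left for you to discover :)
Reference: http://www.w3school.com.cn/php/php_ref_filter.asp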