Introduction
Hi guys. In this article we are going to understand the concept of the PHP filter. First of all we need to understand the concept thoroughly. To follow along, you must have the XAMPP server installed.
Concept
PHP filters are used to validate and filter data coming from insecure sources, like user input. Validating and filtering user input or custom data is an important part of any web application.
Reasons to use PHP filter
Almost all web applications depend on external input. This input can come from a user or from another application, such as a web service. By using filters you can validate that input and be sure your application gets the correct input type. Input filtering is one of the most important application security issues. So what kinds of external input can a web application receive? They are as follows:
- Cookies
- Input from a form
- Web services
- Database query results
- Server variables
Functions and Filters in PHP
To filter a variable, use one of the following filter functions:
- filter_var() - Filters a single variable with a specified filter.
- filter_var_array() - Filters several variables with the same or different filters.
- filter_input() - Gets one input variable and filters it.
- filter_input_array() - Gets several input variables and filters them with the same or different filters.
PHP provides three kinds of filter features for this purpose:
- Validating filters
- Sanitizing filters
- Options and Flags
Validating filters
- Are used to validate user input
- Strict format rules (like URL or E-Mail validating)
- Returns the expected type on success or FALSE on failure
Sanitizing filters
- Are used to allow or disallow specified characters in a string
- No data format rules
- Always return the string
Options and Flags
Options and flags are used to add additional filtering options to the specified filters.
Let us see how to validate input.
Validate Input
The first thing to do is confirm that the input data we are looking for exists. Then we filter the input data using the filter_input() function.
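<?php
// Check that the "email" parameter was sent in the query string at all.
if (!filter_has_var(INPUT_GET, "email"))
{
    echo "Input type does not exist";
}
else
{
    // filter_input() returns FALSE when the value fails validation.
    if (!filter_input(INPUT_GET, "email", FILTER_VALIDATE_EMAIL))
    {
        echo "E-Mail is not valid";
    }
    else
    {
        echo "E-Mail is valid";
    }
}
?>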
Sanitize Input
First we confirm that the input data we are looking for exists. Then we sanitize the input data using the filter_input() function.
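<?php
// Check that the "url" field was sent in the POST body.
if (!filter_has_var(INPUT_POST, "url"))
{
    echo "Input type does not exist";
}
else
{
    // Removes all characters that are not allowed in a URL.
    $url = filter_input(INPUT_POST, "url", FILTER_SANITIZE_URL);
}
?>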
Filter Multiple Inputs
As we know, a web form can have multiple input fields. To avoid calling the filter_var() or filter_input() functions over and over, we can use the filter_var_array() or filter_input_array() functions.
Let's look at this concept with an example:
<html>
<head>
</head>
<body bgcolor="lightgreen">
<center>
<h3><marquee>Filter function in PHP</marquee></h3>
<hr>
<?php
// One filter definition per expected GET parameter.
$filters = array(
    // Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    "name" => array(
        "filter" => FILTER_SANITIZE_STRING
    ),
    // Integer between 1 and 120 inclusive.
    "age" => array(
        "filter" => FILTER_VALIDATE_INT,
        "options" => array(
            "min_range" => 1,
            "max_range" => 120
        )
    ),
    "email" => FILTER_VALIDATE_EMAIL,
);
// Apply all filters to the GET input in one call.
$result = filter_input_array(INPUT_GET, $filters);
if (!$result["age"])
{
    echo("DEEPAK :Age must be a number between 1 and 120.<br />");
}
elseif (!$result["email"])
{
    echo("E-Mail is not valid.<br />");
}
else
{
    echo("User input is valid");
}
?>
</center>
</body>
</html>
Save it as fil.php
Output of above code
To run the code, open the XAMPP server and start the Apache and MySQL services. Then open the browser and type: http://localhost/yourfoldername/fil.php
Elaboration of code
There are three inputs (name, age and email) sent to it using the "GET" method:
- Set an array containing the names of the input variables and the filters used on the specified input variables
- Call the filter_input_array() function with the GET input variables and the array we just set
- Check the "age" and "email" variables in the $result variable for invalid inputs. (If any of the input variables are invalid, that input variable will be FALSE after the filter_input_array() function)
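The check in the last step can be made stricter. The following is an added example, not part of the original article: it uses filter_var_array() on constructed arrays so it runs from the command line, tells a missing field (NULL) apart from an invalid one (FALSE), and reports every failing field. The "children" field and the check_input() helper are hypothetical names introduced for illustration.

```php
<?php
// Added example, not the article's code. "children" is a hypothetical field
// (valid range 0-20) showing why a legitimate 0 must not be tested with "!".
$filters = [
    "age" => [
        "filter"  => FILTER_VALIDATE_INT,
        "options" => ["min_range" => 1, "max_range" => 120],
    ],
    "children" => [
        "filter"  => FILTER_VALIDATE_INT,
        "options" => ["min_range" => 0, "max_range" => 20],
    ],
    "email" => FILTER_VALIDATE_EMAIL,
];

// Hypothetical helper: returns a list of error messages.
// An empty list means every field passed its filter.
function check_input(array $input, array $filters): array
{
    // Missing keys come back as null, failed validation as false.
    $result = filter_var_array($input, $filters);
    $errors = [];
    foreach (array_keys($filters) as $field) {
        if ($result[$field] === null) {
            $errors[] = "$field is missing";
        } elseif ($result[$field] === false) {
            $errors[] = "$field is not valid";
        }
    }
    return $errors;
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ["age" => "34", "children" => "0", "email" => "user@example.com"],
    ["age" => "0", "children" => "2", "email" => "not-an-email"],
    ["age" => "34", "email" => "user@example.com"],
];

foreach ($samples as $input) {
    $errors = check_input($input, $filters);
    echo $errors ? implode("; ", $errors) : "User input is valid", PHP_EOL;
}
```

With a loose `!$result["children"]` test, the first sample would be rejected because the validated integer 0 is falsy; the strict `=== false` comparison accepts it.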
Conclusion: Filtering plays an important role in web application development.
Thanks !!