在PHP中输入过滤？

Is this link sufficent for example for input filtering form data? With a post for example?

<?php
$var=300;

$int_options = array(
"options"=>array
  (
  "min_range"=>0,
  "max_range"=>256
  )
);

if(!filter_var($var, FILTER_VALIDATE_INT, $int_options))
  {
  echo("Integer is not valid");
  }
else
  {
  echo("Integer is valid");
  }
?>

What is the most common kind of filtering? Like sanitizing strings and numbers. I use preg_match for validation of email fields on the server side and regular expression checks in javascript. I'm no validation nazi but would like to have some sort of filtering for the most common things.

These kind of things I think I could abstract away in my application with some public static functions in a class for example, like this

  Validate::String($str);
     Validate::Interger($int);

What do you think about that?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dsxsou8465 2010-02-25 20:19
关注
filter_var() is a good start. If you are planning on using these inputs in any type of SQL statement, you should look into properly sanitizing it for that, too.

PDO with prepared statements, mysql_real_escape_string or any other db wrapper (MBD2, etc...) should provide this functionality for you.

I guess the key idea here is that there is a difference between filtering and sanitizing data, and there are different levels of doing each. It's very much a multi-part process.

For filtering, you could do a type check (is this an int?) and then validate that the input meets your criteria (is this int between 1 and 128?)

You'll also need to sanitize the data. htmlspecialchars for output, some proper quoting and escaping for use in SQL.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(2条)

报告相同问题？

关注问题

在PHP中输入过滤？ php
2010-02-25 20:10

回答 3 已采纳 filter_var() is a good start. If you are planning on using these inputs in any type of SQL stateme
如何正确过滤PHP用户的输入？ php
2011-02-23 05:41

回答 5 已采纳 An important rule to live by is FIEO. Filter Input Escape Output. ANY information that you take a
如何从外部输入过滤并开始？ php
2014-07-31 23:13

回答 1 已采纳 I set up this example with the filter_startsWith option set to true and it appears to work when I
PHP Filter过滤器全面解析
2020-12-19 13:07

PHP 过滤器用于验证和过滤来自非安全来源的数据，比如用户的输入。什么是 PHP 过滤器？ PHP 过滤器用于验证和过滤...输入过滤是最重要的应用程序安全课题之一。什么是外部数据？ •来自表单的输入数据 •Cook
过滤php 5输入 php
2013-12-13 17:47

回答 1 已采纳 Yes, it's almost always enough to use them. However, depending on each query you do or each page c
如何使用多个过滤器正确拥有自动完成搜索输入？ jquery laravel php
2018-05-19 22:51

回答 1 已采纳 You will have to search for cities and add category property to the data you are sending to your a
我应该XSS过滤所有输入数据吗？ php xss
2015-01-03 03:18

回答 2 已采纳 It should work for making your application very secure, as no user input (besides the user editabl
php 过滤变量,thinkphp6 输入变量过滤
2021-04-09 10:49

柳叶锈刀的博客 thinkphp6 输入变量过滤官方文档地址：变量过滤框架默认没有设置任何全局过滤规则，你可以在app\Request对象中设置filter全局过滤属性：namespace app;class Request extends \think\Request{protected $filter = ['...
用于在帖子字段中过滤输入的正则表达式 php
2012-10-07 01:31

回答 2 已采纳 How about this: !preg_match('/^p[0-4][0-4]$/', $option_print) Or even this: !preg_match('/^p[0
使用实体作为symfony中EntityType输入过滤器的参数 php symfony
2017-05-11 20:48

回答 1 已采纳 "What I want to do is use the Entity passed to the createForm method in my controller to filter an
如何以编程方式应用Drupal输入过滤器？ php
2010-06-02 17:17

回答 1 已采纳 You are looking for check_markup (D6), check_markup (D7)
PHP过滤器的实现方法第1/2页
2021-01-20 00:20

PHP 过滤器用于验证和过滤来自非安全来源的数据，比如用户的输入。什么是 PHP 过滤器？... 输入过滤是最重要的应用程序安全课题之一。什么是外部数据？来自表单的输入数据 Cookies 服务器变量数据库
使用过滤器输入在$ _post中设置一个值 php
2014-05-24 17:00

回答 1 已采纳 If you are using Zend Framework, why not use the Request Object to get the parameters? Take a loo
PHP配置文件php.ini在哪里？
2020-06-20 17:57

cunjie3951的博客在本教程中，我们将讨论php.ini — PHP中的主要配置文件。从初学者的角度，我们将讨论其含义，在何处定位以及它提供的几个重要配置设置。什么是无论您是PHP初学者还是经验丰富的开发人员，我都可以肯定您已经...
PHP伪协议filter详解，php://filter协议过滤器
2023-06-12 06:41

士别三日wyx的博客 PHP://filter协议 PHP filter 过滤器
没有解决我的问题, 去提问

悬赏问题

¥15 用hfss做微带贴片阵列天线的时候分析设置有问题
¥50 我撰写的python爬虫爬不了要爬的网址有反爬机制
¥15 Centos / PETSc / PETGEM
¥15 centos7.9 IPv6端口telnet和端口监控问题
¥120 计算机网络的新校区组网设计
¥20 完全没有学习过GAN，看了CSDN的一篇文章，里面有代码但是完全不知道如何操作
¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
¥20 海浪数据南海地区海况数据，波浪数据
¥20 软件测试决策法疑问求解答
¥15 win11 23H2删除推荐的项目，支持注册表等

在PHP中输入过滤？

3条回答 默认 最新

悬赏问题

3条回答默认最新