The Programmer News Hubb
Advertisement Banner
  • Home
  • Technical Insights
  • Tricks & Tutorial
  • Contact
No Result
View All Result
  • Home
  • Technical Insights
  • Tricks & Tutorial
  • Contact
No Result
View All Result
Gourmet News Hubb
No Result
View All Result
Home Tricks & Tutorial

Quick Tip: How to Filter Data with PHP

admin by admin
January 10, 2023
in Tricks & Tutorial


In this article, we’ll look at why it’s so important to filter anything that’s incorporated into our applications. In particular, we’ll look at how to validate and sanitize foreign data in PHP.

Never (ever!) trust foreign input in your application. That’s one of the most important lessons to learn for anyone developing a web application.

Foreign input can be anything — from $_GET and $_POST form input data, some elements on the HTTP request body, or even some values on the $_SERVER superglobal. Cookies, session values, and uploaded and downloaded document files are also considered foreign input.

Every time we process, output, include or concatenate foreign data into our code, there’s a potential vector for attackers to inject code into our application (the so-called injection attacks). Because of this, we need to make sure every piece of foreign data is properly filtered so it can be safely incorporated into the application.

When it comes to filtering, there are two main types: validation and sanitization.

Validation

Validation ensures that foreign input is what we expect it to be. For example, we might be expecting an email address, so we are expecting something with the ********@*****.*** format. For that, we can use the FILTER_VALIDATE_EMAIL filter. Or, if we’re expecting a Boolean, we can use PHP’s FILTER_VALIDATE_BOOL filter.

Amongst the most useful filters are FILTER_VALIDATE_BOOL, FILTER_VALIDATE_INT, and FILTER_VALIDATE_FLOAT to filter for basic types and the FILTER_VALIDATE_EMAIL and FILTER_VALIDATE_DOMAIN to filter for emails and domain names respectively.

Another very important filter is the FILTER_VALIDATE_REGEXP that allows us to filter against a regular expression. With this filter, we can create our custom filters by changing the regular expression we’re filtering against.

All the available filters for validation in PHP can be found here.

Sanitization

Sanitization is the process of removing illegal or unsafe characters from foreign input.

The best example of this is when we sanitize database inputs before inserting them into a raw SQL query.

Again, some of the most useful sanitization filters include the ones to sanitize for basic types like FILTER_SANITIZE_STRING, FILTER_SANITIZE_CHARS and FILTER_SANITIZE_INT, but also FILTER_SANITIZE_URL and FILTER_SANITIZE_EMAIL to sanitize URLs and emails.

All PHP sanitization filters can be found here.

filter_var() and filter_input()

Now that we know PHP has an entire selection of filters available, we need to know how to use them.

Filter application is done via the filter_var() and filter_input() functions.

The filter_var() function applies a specified filter to a variable. It will take the value to filter, the filter to apply, and an optional array of options. For example, if we’re trying to validate an email address we can use this:



$email = your.email@sitepoint.com:

if ( filter_var( $email, FILTER_VALIDATE_EMAIL ) ) {
    echo ("This email is valid");
}

If the goal was to sanitize a string, we could use this:


$string = "

Hello World

"
; $sanitized_string = filter_var ( $string, FILTER_SANITIZE_STRING); echo $sanitized_string;

The filter_input() function gets a foreign input from a form input and filters it.

It works just like the filter_var() function, but it takes a type of input (we can choose from GET, POST, COOKIE, SERVER, or ENV), the variable to filter, and the filter. Optionally, it can also take an array of options.

Once again, if we want to check if the external input variable “email” is being sent via GET to our application, we can use this:



if ( filter_input( INPUT_GET, "email", FILTER_VALIDATE_EMAIL ) ) {
    echo "The email is being sent and is valid.";
}

Conclusion

And these are the basics of data filtering in PHP. Other techniques might be used to filter foreign data, like applying regex, but the techniques we’ve sen in this article are more than enough for most use cases.

Make sure you understand the difference between validation and sanitization and how to use the filter functions. With this knowledge, your PHP applications will be more reliable and secure!



Source link

Previous Post

Faking Min Width on a Table Column | CSS-Tricks

Next Post

How to Help Clients Round Out Their Ideas

Next Post

How to Help Clients Round Out Their Ideas

Recommended

Report: over 30% of applications contain flaws at first scan

2 weeks ago

GitLab Dedicated serves as single-tenant SaaS solution

2 months ago

Predictive Index and Artificial Intelligence

2 months ago

Digital.ai announces newest version of AI-Powered DevOps Platform

3 months ago

The Best Tools and Resources for Web Designers in 2022

3 months ago

Responsive Animations for Every Screen Size and Device | CSS-Tricks

3 months ago

© 2022 The Programmer News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • Technical Insights
  • Tricks & Tutorial
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • Technical Insights
  • Tricks & Tutorial
  • Contact

© 2022 The Programmer News Hubb All rights reserved.