| Performance and Security |
 |
2024-04-20 |
 |
 |
10 |
 |
|
Config
filter.default=special_chars
API
<?php
$email = filter_input(INPUT_POST, 'name', FILTER_VALIDATE_EMAIL);
$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);
$url = filter_input(INPUT_COOKIE, 'url', FILTER_VALIDATE_URL);
$raw_msg = filter_input(INPUT_POST, 'msg', FILTER_UNSAFE_RAW);
$options = filter_input(INPUT_GET, 'options', FILTER_SANITIZE_SPECIAL_CHARS);
$data = filter_var($user_data, FILTER_SANITIZE_STRING);
?>
All the Filters
<table border="2" style="font-size:.9em; background:#fff;">
<?php
function test($data) {
return strtoupper($data);
}
$data = array("PHP","123","123abc<>()","O'Henry", "하퍼");
echo "<tr><th> </th><td>PHP</td><td>123</td><td>123abc<>()</td>";
echo "<td>O'Henry</td><td>하퍼</td></tr>\n";
foreach(filter_list() as $filter) {
$id = filter_id($filter);
switch($filter) {
case 'validate_regexp':
foreach($data as $k=>$v)
$result[$k] = filter_var($v,$id,array('options'=>array("regexp"=>'/^O.*/')));
break;
case 'callback':
foreach($data as $k=>$v)
$result[$k] = filter_var($v,$id,array("options"=>"test"));
break;
case 'validate_url':
foreach($data as $k=>$v)
$result[$k] = filter_var($v,$id,FILTER_FLAG_SCHEME_REQUIRED);
break;
default:
foreach($data as $k=>$v)
$result[$k] = filter_var($v,$id);
break;
}
echo "<tr><th align='left'>$filter</th>";
foreach($result as $v)
echo "<td>".htmlspecialchars($v)."</td>";
echo "</td></tr>\n";
}
?>
</table>
Output
| | PHP | 123 | 123abc<>() | O'Henry | 하퍼 |
|---|
| int | | 123 | | | |
|---|
| boolean | | | | | |
|---|
| float | | 123 | | | |
|---|
| validate_regexp | | | | O'Henry | |
|---|
| validate_domain | PHP | 123 | 123abc<>() | O'Henry | 하퍼 |
|---|
| validate_url | | | | | |
|---|
| validate_email | | | | | |
|---|
| validate_ip | | | | | |
|---|
| validate_mac | | | | | |
|---|
| string | PHP | 123 | 123abc() | O'Henry | 하퍼 |
|---|
| stripped | PHP | 123 | 123abc() | O'Henry | 하퍼 |
|---|
| encoded | PHP | 123 | 123abc%3C%3E%28%29 | O%27Henry | %ED%95%98%ED%8D%BC |
|---|
| special_chars | PHP | 123 | 123abc<>() | O'Henry | 하퍼 |
|---|
| full_special_chars | PHP | 123 | 123abc<>() | O'Henry | 하퍼 |
|---|
| unsafe_raw | PHP | 123 | 123abc<>() | O'Henry | 하퍼 |
|---|
| email | PHP | 123 | 123abc | O'Henry | |
|---|
| url | PHP | 123 | 123abc<>() | O'Henry | |
|---|
| number_int | | 123 | 123 | | |
|---|
| number_float | | 123 | 123 | | |
|---|
| magic_quotes | PHP | 123 | 123abc<>() | O\'Henry | 하퍼 |
|---|
| add_slashes | PHP | 123 | 123abc<>() | O\'Henry | 하퍼 |
|---|
| callback | PHP | 123 | 123ABC<>() | O'HENRY | 하퍼 |
|---|
filter_var_array/filter_input_array
<?php
error_reporting(E_ALL | E_STRICT);
$data = array(
'product_id' => 'libgd<script>',
'component' => '10',
'versions' => '2.0.33',
'testscalar' => array('2', '23', '10', '12'),
'testarray' => '2',
);
$args = array(
'product_id' => FILTER_SANITIZE_ENCODED,
'component' => array('filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_FLAG_ARRAY,
'options' => array('min_range' => 1, 'max_range' => 10)
),
'versions' => FILTER_SANITIZE_ENCODED,
'doesnotexist' => FILTER_VALIDATE_INT,
'testscalar' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_FLAG_SCALAR,
),
'testarray' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_FLAG_ARRAY,
)
);
// $myinputs = filter_input_array(INPUT_POST, $args);
$myinputs = filter_var_array($data, $args);
var_dump($myinputs);
?>
Output
array(6) {
["product_id"]=> array(1) {
[0]=> string(17) "libgd%3Cscript%3E"
}
["component"]=> array(1) {
[0]=> int(10)
}
["versions"]=> array(1) {
[0]=> string(6) "2.0.33"
}
["doesnotexist"]=> NULL
["testscalar"]=> bool(false)
["testarray"]=> array(1) {
[0]=> int(2)
}
} 