Securing data with PHP filter functions

Many websites encourage user registration, logins and other actions that depend on user input. Because that input is controlled by the user, it cannot be trusted and may contain malicious code.

There are several ways of handling user input that may be malicious. To stop such input from harming our web applications, we need to lay down rules that validate the input and keep the application secure. One method is regular expressions; another is the filter functions, which I am going to break down in detail now.

The PHP filter function

Please don’t get me wrong: regular expressions in PHP play a great role in achieving validation and security. The PHP filter functions are built-in PHP functions that are rooted in regular expression rules. What I mean is that these functions were developed using regular expression code, for example:

<?php
// Conceptual sketch only: filter_var() is built into PHP,
// so it cannot actually be redeclared like this
function filter_var($variable_to_check, $inbuilt_method)
{
    // regular expression code here
}

function filter_validate_email($variable_to_check, $inbuilt_method)
{
    // regular expression code here
}

//... rest of the code ...
?>

So that is how the filter_var function was formed; it did not fall from the moon courtesy of the gods (sorry for the humor). To use filter_var, we need to know what options (the filters created for it) it offers.

PHP filter_var options

To see the filters that filter_var supports, use the code below. It uses filter_list() to display every filter the PHP filter extension offers.

<?php
/**
 * List every filter that filter_var() supports,
 * together with its numeric ID, as an HTML table
 */
echo "<table>";
echo "<tr><td>Filter Name</td>";
echo "<td>Filter ID</td></tr>";
foreach (filter_list() as $id => $filter) {
    // filter_id() is a function call, not a variable: it maps a filter name to its ID
    echo "<tr><td>" . $filter . "</td><td>" . filter_id($filter) . "</td></tr>";
}
echo "</table>";
?>

Why Use Filters?

Many web applications receive external input (as I stated earlier). This external data can be user input from a form, cookies, web services data, server variables, or database query results.

Sanitize a string

The following example uses the filter_var function to remove special HTML characters from a string. The function takes two pieces of data:

  • The variable you want to check
  • The type of check to use
<?php
# Basic example of sanitizing a string
# Specify the string to sanitize
$str_to_sanitize = "welcome home dude";

# FILTER_SANITIZE_STRING strips tags from the string.
# Note: this filter is deprecated as of PHP 8.1.
$sanitize_str_x = filter_var($str_to_sanitize, FILTER_SANITIZE_STRING);
var_dump($sanitize_str_x);
?>

Sanitize an email

The following example uses the filter_var function to remove illegal characters from an email address, and also checks the email format to confirm that the input really is an email address. The function takes two pieces of data:

  • The variable you want to check
  • The type of check to use
<?php
# Test an email entry
$email_input_by_user = "xxxx@gmail.com";

# FILTER_VALIDATE_EMAIL returns the address if the format is valid, false otherwise
$validate_sanitize_email = filter_var($email_input_by_user, FILTER_VALIDATE_EMAIL);

# FILTER_SANITIZE_EMAIL removes characters that are not allowed in an email address
$sanitize_the_email = filter_var($email_input_by_user, FILTER_SANITIZE_EMAIL);

var_dump($validate_sanitize_email);
var_dump($sanitize_the_email);
?>

Sanitize an Integer

The following example uses the filter_var function to check the validity of an integer. The function takes two pieces of data:

  • The variable you want to check
  • The type of check to use
<?php
$int = 54;

# Run the filter_var function to test the value.
# FILTER_VALIDATE_INT returns the integer on success and false on failure,
# so compare strictly against false: 0 is a valid integer but is falsy.
if (filter_var($int, FILTER_VALIDATE_INT) !== false)
{
    echo ("Integer is valid");
} else
{
    echo ("Not a valid integer");
}
?>
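
The email and integer checks above, applied to a whole form submission in one pass with filter_var_array(), as an added example that is not part of the original article. The field names, the age limits and the username pattern are assumptions made for illustration.

```php
<?php
// Added example (not the article's code): validate several form fields at once.
// Field names, ranges and the username pattern are hypothetical.

function validate_registration(array $input): array
{
    $rules = [
        'email' => FILTER_VALIDATE_EMAIL,
        'age'   => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 0, 'max_range' => 120],
        ],
        'username' => [
            'filter'  => FILTER_VALIDATE_REGEXP,
            // \A and \z anchor the whole string; "$" alone would
            // still accept a trailing newline.
            'options' => ['regexp' => '/\A[a-z0-9_]{3,20}\z/i'],
        ],
    ];

    // For each rule: the filtered value on success, false when the
    // filter fails, null when the key is absent from $input.
    $result = filter_var_array($input, $rules);

    $clean  = [];
    $errors = [];
    foreach (array_keys($rules) as $field) {
        $value = $result[$field];
        // Strict comparison on purpose: an age of 0 is valid but falsy,
        // so a loose check such as `if (!$value)` would reject it.
        if ($value === false || $value === null) {
            $errors[$field] = 'invalid or missing';
        } else {
            $clean[$field] = $value;
        }
    }
    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed sample submissions
$samples = [
    ['email' => 'user@example.com', 'age' => '0', 'username' => 'home_dude'],
    ['email' => 'not-an-email', 'age' => '54abc', 'username' => "dude\n"],
    ['email' => 'user@example.com', 'age' => '121'],
];

foreach ($samples as $sample) {
    var_dump(validate_registration($sample));
}
```

Validated values still need context-specific handling where they are used: htmlspecialchars() when echoed into HTML, and prepared statements when passed to a database.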

That’s all for now.
