Securing data with PHP filter functions

Most websites accept user registrations, logins and other actions driven by user input, and that input cannot be trusted: the user controls it, so it may contain anything, including malicious code.
There are several ways of handling input that may be malicious, and to keep it from harming our web application we need to lay down rules and check every value against them before it is used. Two such methods are regular expressions and the PHP filter functions, which I am going to break down in detail now.
 

What are the PHP filter functions?

Now please don't get me wrong: regular expressions still play a big role in validation in PHP. The filter functions are built-in functions from PHP's filter extension, implemented in C inside the interpreter; some of them, such as the email check, run a regular expression internally, others parse the value character by character. You can think of them as ready-made versions of checks you would otherwise write yourself with preg_match(), roughly like this (an illustration only; the real filter_var() is built in and cannot be redeclared):
 

<?php
// Illustration: a user-land sketch of how a filter is put together.
// my_validate_email plays the role of FILTER_VALIDATE_EMAIL.
function my_validate_email($variable_to_check)
{
    // a deliberately simple regular expression; the built-in check is stricter
    return preg_match('/^[^@\s]+@[^@\s]+\.[^@\s]+$/', $variable_to_check) ? $variable_to_check : false;
}
// my_filter_var plays the role of filter_var(): apply the chosen check
function my_filter_var($variable_to_check, $inbuilt_method)
{
    return $inbuilt_method($variable_to_check);
}
var_dump(my_filter_var('bob@example.com', 'my_validate_email'));
?>

So that is roughly how filter_var came to be; it did not fall from the moon (sorry for the humor). To use filter_var we need to know which options (the filters defined for it) it offers.
 

PHP filter_var options

To see the filters which filter_var offers, use the code below; it calls filter_list() to get the name of every filter the PHP filter extension provides, and filter_id() to get the numeric ID behind each name.

<?php
/**
 * List the filters which the filter extension
 * provides, with the numeric ID of each,
 * and print them as a table
 */
echo "<table>";
echo "<tr><td>Filter Name</td>";
echo "<td>Filter ID</td></tr>";
foreach (filter_list() as $filter) {
    echo "<tr><td>" . $filter . "</td><td>" . filter_id($filter) . "</td></tr>";
}
echo "</table>";
?>

Why Use Filters?

Many web applications receive external input (as I said earlier): a user's form input, cookies, data from web services, server variables, database query results. None of it should be trusted as-is, and filters give one consistent way to deal with it before the application acts on it. Note that validating and sanitizing are different operations: a validate filter (FILTER_VALIDATE_*) returns the value on success and false on failure, while a sanitize filter (FILTER_SANITIZE_*) always returns something, possibly an altered version of the input.
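As an added example (not code from the original post), here is how several fields of a registration form can be checked in one call with filter_var_array(). The field names, the rules and the sample input are assumptions made for this demonstration; the input array stands in for $_POST so the script runs from the command line.

```php
<?php
// Added example: validate a whole form with filter_var_array().
// Field names, rules and sample input are constructed for this demo.

function validateRegistration(array $input): array
{
    $rules = [
        'username' => [
            'filter'  => FILTER_VALIDATE_REGEXP,
            'options' => ['regexp' => '/^[A-Za-z0-9_]{3,20}$/'],
        ],
        'email'    => FILTER_VALIDATE_EMAIL,
        'age'      => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 13, 'max_range' => 120],
        ],
        'website'  => FILTER_VALIDATE_URL,
        'newsletter' => [
            'filter' => FILTER_VALIDATE_BOOLEAN,
            'flags'  => FILTER_NULL_ON_FAILURE,  // null for "not a boolean"
        ],
    ];

    // With $add_empty = true (the default) a field missing from $input comes
    // back as null, a field that failed its check comes back as false.
    // Keep the two apart: a missing optional field is fine, a failed check
    // is not. Keys that are not in $rules are dropped, which stops a client
    // from smuggling extra fields (such as 'role') past the checks.
    $clean  = filter_var_array($input, $rules);
    $errors = [];
    foreach ($clean as $field => $value) {
        if ($value === false) {
            $errors[] = "$field is invalid";
        }
    }

    // FILTER_VALIDATE_URL only checks syntax and accepts any scheme that
    // has a host (ftp:, for example), so restrict the scheme yourself.
    if (is_string($clean['website']) && !preg_match('#^https?://#i', $clean['website'])) {
        $errors[] = 'website must use http or https';
    }

    return ['values' => $clean, 'errors' => $errors];
}

// Constructed sample input standing in for $_POST.
$post = [
    'username'   => 'alice_01',
    'email'      => 'alice@example.com',
    'age'        => '17',
    'website'    => 'ftp://example.com/',
    'newsletter' => 'yes',
    'role'       => 'admin',   // not in the rules: silently dropped
];

var_export(validateRegistration($post));
```

Run it and you will see the 'age' string converted to an int, 'newsletter' converted to a real boolean, 'role' absent from the result, and one error for the ftp:// website. Swap a value for a bad one (say 'age' => '9') and that field comes back as false with its own error.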

Sanitize a string

The following example uses the filter_var function with FILTER_SANITIZE_STRING, which strips HTML tags from a string and encodes quotes. Be aware that this filter is deprecated as of PHP 8.1; the documented replacement is FILTER_SANITIZE_FULL_SPECIAL_CHARS (the equivalent of htmlspecialchars() with ENT_QUOTES), and the safer habit is to store the raw value and escape it at the point of output. The function takes two pieces of data:

  • The variable you want to check
  • The type of check to use
<?php
#basic code for sanitizing and validating stuff
#specify the string to sanitize
$str_to_sanitize = "welcome home dude";
#FILTER_SANITIZE_STRING strips tags and encodes quotes (deprecated since PHP 8.1)
$sanitize_str_x = filter_var($str_to_sanitize, FILTER_SANITIZE_STRING);
var_dump($sanitize_str_x);
?>
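As an added example (not code from the original post), the script below puts FILTER_SANITIZE_STRING next to FILTER_SANITIZE_FULL_SPECIAL_CHARS and next to escaping at output time with htmlspecialchars(), on two constructed inputs: a harmless string that happens to contain a bare '<', and a typical cross-site scripting probe. The HTML template and the helper names are assumptions for this demonstration.

```php
<?php
// Added example: stripping tags on the way in versus escaping on the way out.
// The template, helper names and sample inputs are constructed for this demo.

// Escape a value for an HTML body or a quoted attribute. ENT_QUOTES covers
// both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string, which htmlspecialchars() would otherwise do.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Store the raw value; escape once, at output, for the context it lands in.
function renderProfile(string $displayName): string
{
    return '<p class="name" title="' . h($displayName) . '">' . h($displayName) . '</p>';
}

$inputs = [
    '5<6',                             // legitimate text containing a bare '<'
    '"><img src=x onerror=alert(1)>',  // constructed XSS probe
];

foreach ($inputs as $in) {
    // FILTER_SANITIZE_STRING (deprecated since PHP 8.1; @ silences the notice)
    // treats everything from '<' onward as a tag and drops it, so '5<6'
    // becomes '5': the data is altered, not just made safe.
    $stripped = @filter_var($in, FILTER_SANITIZE_STRING);

    // The documented replacement encodes instead of deleting; it does the
    // same as htmlspecialchars() with ENT_QUOTES, so nothing is lost.
    $encoded = filter_var($in, FILTER_SANITIZE_FULL_SPECIAL_CHARS);

    echo "input:    $in\n";
    echo "stripped: $stripped\n";
    echo "encoded:  $encoded\n";
    echo "rendered: " . renderProfile($in) . "\n\n";
}
```

The rendered line is the one to look at: the probe's quote and angle brackets come out as entities in both the attribute and the text node, so the browser shows the string rather than running it, while '5<6' is displayed exactly as the user typed it.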

Validate and sanitize an email

The following example uses the filter_var function twice on the same address: FILTER_VALIDATE_EMAIL checks that the input really has the format of an email address and returns it (or false if it does not), while FILTER_SANITIZE_EMAIL removes characters that are not allowed in an address but does not check that what is left is one. The function takes two pieces of data:

  • The variable you want to check
  • The type of check to use
<?php
#write another code to test for email entries
$email_input_by_user = "xxxx@gmail.com";
#returns the address on success, false on failure
$validate_sanitize_email = filter_var($email_input_by_user, FILTER_VALIDATE_EMAIL);
#strips characters that cannot appear in an address, checks nothing else
$sanitize_the_email = filter_var($email_input_by_user, FILTER_SANITIZE_EMAIL);
var_dump($validate_sanitize_email);
var_dump($sanitize_the_email);
?>
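The order matters more than it looks. As an added example (not code from the original post), the script below runs both filters over a few constructed addresses and shows why sanitizing before validating is a trap: FILTER_SANITIZE_EMAIL silently deletes a stray space or appended junk, so a mistyped or tampered address turns into a different, valid-looking mailbox instead of being rejected. The helper name and the sample addresses are assumptions for this demonstration.

```php
<?php
// Added example: FILTER_SANITIZE_EMAIL and FILTER_VALIDATE_EMAIL answer
// different questions. Helper name and samples are constructed for this demo.

function checkEmail(string $raw): array
{
    $sanitized = filter_var($raw, FILTER_SANITIZE_EMAIL);
    return [
        'raw'                => $raw,
        'validate_raw'       => filter_var($raw, FILTER_VALIDATE_EMAIL),
        'sanitized'          => $sanitized,
        'validate_sanitized' => filter_var($sanitized, FILTER_VALIDATE_EMAIL),
    ];
}

$samples = [
    'alice@example.com',          // fine either way
    'al ice@example.com',         // a typo the user should be told about
    'alice@example.com<script>',  // junk appended to a real address
    'not-an-email',               // fails both ways
];

foreach ($samples as $s) {
    var_export(checkEmail($s));
    echo "\n";
}
```

For the second and third samples 'validate_raw' is false but 'validate_sanitized' is a string: the space and the angle brackets are removed, leaving 'alice@example.com' and 'alice@example.comscript', both syntactically valid and neither what the user typed. Validate the raw input and reject it when the check fails; use the sanitize filter, if at all, only on values you have already decided to accept.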

Validate an integer

The following example uses the filter_var function to check that a value is a valid integer. FILTER_VALIDATE_INT returns the integer on success and false otherwise, so 0 is a valid result, and the comparison has to be strict (!== false) rather than a plain if(!...) test, which would treat 0 as a failure. The function takes two pieces of data:

  • The variable you want to check
  • The type of check to use
<?php
$int = 54;
#run the filter_var function to test; compare strictly with false,
#because 0 is a valid integer but would fail a loose if(!...) check
if (filter_var($int, FILTER_VALIDATE_INT) !== false)
{
echo ("Integer is valid");
} else
{
echo ("Not a valid integer");
}
?>
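As an added example (not code from the original post), here is the same check wrapped in a function that also enforces a range, run over a set of constructed inputs that show what FILTER_VALIDATE_INT accepts and rejects. The function name, the range and the samples are assumptions for this demonstration.

```php
<?php
// Added example: strict integer validation with a range.
// Function name, range and sample inputs are constructed for this demo.

// Returns the integer, or null when the input is not an integer in range.
// The comparison is strict so that 0 is kept as a valid value.
function parsePageNumber($raw, int $max = 1000): ?int
{
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => $max],
    ]);
    return $page === false ? null : $page;
}

$samples = [
    '0',                      // valid, and falsy: the reason for the strict check
    '42',                     // valid
    ' 42 ',                   // valid: surrounding whitespace is trimmed
    '42abc',                  // invalid: trailing garbage
    '4.2',                    // invalid: not an integer
    '012',                    // invalid: leading zero (octal needs FILTER_FLAG_ALLOW_OCTAL)
    '0x1A',                   // invalid unless FILTER_FLAG_ALLOW_HEX is set
    '-1',                     // out of range
    '99999999999999999999',   // invalid: overflows a PHP int
];

foreach ($samples as $s) {
    echo str_pad(var_export($s, true), 26) . ' => ';
    var_dump(parsePageNumber($s));
}

// Hexadecimal is accepted only when you opt in with a flag.
var_dump(filter_var('0x1A', FILTER_VALIDATE_INT, ['flags' => FILTER_FLAG_ALLOW_HEX]));
```

The range options are worth using whenever the integer selects something (a page, a row, an ID): an out-of-range value is rejected by the filter itself instead of reaching a query or an array lookup. The final call returns int(26), which shows why the hex and octal flags should stay off unless the input is genuinely meant to carry those forms.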

That’s all for now.
