info/php-the-right-way
1
0
Fork 0
mirror of https://github.com/codeguy/php-the-right-way.git synced 2025-08-22 05:03:22 +02:00
Code Issues Projects Releases Wiki Activity

Rework data filtering section

Browse Source
This commit is contained in:
=
2012-07-10 14:39:47 -04:00
parent 85435b542f
commit 67061a0f82
2 changed files with 31 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
_posts/07-04-01-Data-Filtering.md Normal file
View File

@@ -0,0 +1,31 @@
---
isChild: true
---
## Data Filtering
Never ever (ever) trust foreign input introduced to your PHP code. That leads to dangerous places. Instead, always sanitize and validate foreign input before trusting and using it in your code.
PHP provides the `filter_var` and `filter_input` functions to help you do this. These two functions can sanitize text and validate formats (e.g. email addresses).
* [Learn about data filtering][1]
* [Learn about `filter_var`][4]
* [Learn about `filter_input`][5]
### Sanitization
Sanitization removes (or escapes) illegal or unsafe characters from foreign input. For example, you should sanitize foreign input before including the input in HTML or inserting it into a raw SQL query. When you use bound parameters with [PDO](#databases_and_pdo), it will sanitize the input for you.
[See Sanitization Filters][2]
### Validation
Validation ensures that foreign input is what you expect. For example, you may want to validate an email address, a phone number, or age when processing a registration submission.
[See Validation Filters][3]
[1]: http://www.php.net/manual/en/book.filter.php
[2]: http://www.php.net/manual/en/filter.filters.sanitize.php
[3]: http://www.php.net/manual/en/filter.filters.validate.php
[4]: http://php.net/manual/en/function.filter-var.php
[5]: http://www.php.net/manual/en/function.filter-input.php

17
_posts/07-04-01-Input-Filtering-and-Sanitizing.md
View File

@@ -1,17 +0,0 @@
---
isChild: true
---
## Input Filtering and Sanitizing
Never ever (ever) trust foreign input introduced to your PHP code. That leads to dark and dangerous places. Instead, always filter foreign input before you use it in your code.
PHP provides the `filter_var` and `filter_input` functions to help you do this. These two functions can sanitize text, verify formats (e.g. email addresses), and escape characters.
For example, if you accept code from an HTML form, you'll want to use `filter_input` before inserting the input into a database or inserting the input into an HTML response.
* [Learn about `filter_var`][5]
* [Learn about `filter_input`][6]
[5]: http://php.net/manual/en/function.filter-var.php
[6]: http://www.php.net/manual/en/function.filter-input.php