From 67061a0f8281a2ca3c4c5d79613e407881021257 Mon Sep 17 00:00:00 2001
From: =
Date: Tue, 10 Jul 2012 14:39:47 -0400
Subject: [PATCH] Rework data filtering section
---
 _posts/07-04-01-Data-Filtering.md | 31 +++++++++++++++++++
 ...07-04-01-Input-Filtering-and-Sanitizing.md | 17 ----------
 2 files changed, 31 insertions(+), 17 deletions(-)
 create mode 100644 _posts/07-04-01-Data-Filtering.md
 delete mode 100644 _posts/07-04-01-Input-Filtering-and-Sanitizing.md
diff --git a/_posts/07-04-01-Data-Filtering.md b/_posts/07-04-01-Data-Filtering.md
new file mode 100644
index 0000000..6407003
--- /dev/null
+++ b/_posts/07-04-01-Data-Filtering.md
@@ -0,0 +1,31 @@
+---
+isChild: true
+---
+
+## Data Filtering
+
+Never ever (ever) trust foreign input introduced to your PHP code. That leads to dangerous places. Instead, always sanitize and validate foreign input before trusting and using it in your code.
+
+PHP provides the `filter_var` and `filter_input` functions to help you do this. These two functions can sanitize text and validate formats (e.g. email addresses).
+
+* [Learn about data filtering][1]
+* [Learn about `filter_var`][4]
+* [Learn about `filter_input`][5]
+
+### Sanitization
+
+Sanitization removes (or escapes) illegal or unsafe characters from foreign input. For example, you should sanitize foreign input before including the input in HTML or inserting it into a raw SQL query. When you use bound parameters with [PDO](#databases_and_pdo), it will sanitize the input for you.
+
+[See Sanitization Filters][2]
+
+### Validation
+
+Validation ensures that foreign input is what you expect. For example, you may want to validate an email address, a phone number, or age when processing a registration submission.
+
+[See Validation Filters][3]
+
+[1]: http://www.php.net/manual/en/book.filter.php
+[2]: http://www.php.net/manual/en/filter.filters.sanitize.php
+[3]: http://www.php.net/manual/en/filter.filters.validate.php
+[4]: http://php.net/manual/en/function.filter-var.php
+[5]: http://www.php.net/manual/en/function.filter-input.php
diff --git a/_posts/07-04-01-Input-Filtering-and-Sanitizing.md b/_posts/07-04-01-Input-Filtering-and-Sanitizing.md
deleted file mode 100644
index 3af6cde..0000000
--- a/_posts/07-04-01-Input-Filtering-and-Sanitizing.md
+++ /dev/null
@@ -1,17 +0,0 @@
----
-isChild: true
----
-
-## Input Filtering and Sanitizing
-
-Never ever (ever) trust foreign input introduced to your PHP code. That leads to dark and dangerous places. Instead, always filter foreign input before you use it in your code.
-
-PHP provides the `filter_var` and `filter_input` functions to help you do this. These two functions can sanitize text, verify formats (e.g. email addresses), and escape characters.
-
-For example, if you accept code from an HTML form, you'll want to use `filter_input` before inserting the input into a database or inserting the input into an HTML response.
-
-* [Learn about `filter_var`][5]
-* [Learn about `filter_input`][6]
-
-[5]: http://php.net/manual/en/function.filter-var.php
-[6]: http://www.php.net/manual/en/function.filter-input.php