How to filter and validate data in PHP

2025-01-23 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/03 Report--

This article covers how to filter and validate data in PHP. Many developers are not familiar with the topic, so the main points are summarized below.

Never trust external input, and never trust any data from a source that is not under your direct control. In real-world development, people will always inject dangerous data into PHP code, intentionally or not, so secure PHP programming is very important. The general approach to handling external input safely is: filter input, validate data.

Filter input

Filtering input means escaping or removing unsafe characters from external data.

External input can be anything: form input data such as $_GET and $_POST, some values in the $_SERVER superglobal variable, and the HTTP request body obtained through fopen('php://input', 'r'). Keep in mind that the definition of external input is not limited to data submitted by the user through a form. Uploaded and downloaded documents, session values, cookie data, and data from third-party web services are all external input.

Filtering incoming data before it reaches the storage layer (MySQL or Redis) is the first line of defense.

If someone enters the following in the comment box and submits:

<script>alert("Helloweba");</script>

Obviously, a malicious tag has been added here. If we do nothing, the data goes straight into the storage layer, and a user browsing the page will then see a pop-up alert box. That is why we do not trust any external input.

So how do you filter input data in PHP? Here are some suggestions:

1. For content that will be output to the page, use the strip_tags() function to remove HTML tags, or use the htmlentities() or htmlspecialchars() function to escape special characters into their corresponding HTML entities, to avoid XSS attacks. For example, to filter the script above:
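An added example (not from the original article) of the escaping described above, applied to the comment from the article and to a constructed nickname field. The helper names escape_html and plain_text, the form field names and the sample nickname are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Escape a value for output into HTML text or a quoted attribute.
// ENT_QUOTES escapes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// For fields that must be plain text: remove tags first, then escape what
// is left, because strip_tags() does not touch quotes or ampersands.
function plain_text(string $value): string
{
    return escape_html(strip_tags($value));
}

// Constructed sample input (hypothetical form fields).
$comment  = '<script>alert("Helloweba");</script>';
$nickname = 'Tom "the cat" O\'Neil & <b>friends</b>';

// The comment is rendered as visible text; the browser never sees a tag.
echo '<p>', escape_html($comment), '</p>', PHP_EOL;

// strip_tags() alone removes the markup but keeps the text between tags.
echo '<p>', strip_tags($comment), '</p>', PHP_EOL;

// A value placed inside a quoted attribute needs its quotes escaped too,
// which strip_tags() alone would not do.
echo '<input name="nick" value="', plain_text($nickname), '">', PHP_EOL;
```

Running the script from the command line prints the three rendered fragments, which makes it easy to compare what each function leaves behind.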
