Data Filtering!
OK, something I'm trying to get right at the moment is data sanitization. Now, filter_var is a great function, but it lacks certain things; firstly, the numbers/flags are a pain to remember.
For this particular reason, I wrote this function. It is called like anything else in a static class (in my case, my config class, just for the sake of being able to call it anywhere). An example use is config::filterall($var, 'string') where $var = "<b> hello </b> "; it would only return hello.
This function is well documented and easy to edit, so go ahead.
```php
<?php
// Wrapper class named in the post (config::filterall); the original listing showed only the method.
class config
{
    public static function filterall($var, $type = '')
    {
        if ($type == 'string') { // if type is set to string run this
            // removes certain chars, this is to help prevent people putting html into their names etc.
            // (FILTER_SANITIZE_STRING is deprecated since PHP 8.1; strip_tags() is the modern equivalent)
            $var = filter_var($var, FILTER_SANITIZE_STRING);
            // HTML-encodes the chars that contribute to tags, so & becomes &amp;
            $var = filter_var($var, FILTER_SANITIZE_SPECIAL_CHARS);
        }
        if ($type == 'int') { // if type is set to int run this
            $check = filter_var($var, FILTER_VALIDATE_INT); // checks if the var is a valid integer
            // strict comparison: a valid "0" validates to int 0, which a loose == false would treat as a failure
            if ($check === false) { // if var is NOT a valid integer continue to sanitize
                $var = filter_var($var, FILTER_SANITIZE_NUMBER_INT); // keep only digits and sign characters from the input string
            }
            // str_replace() returns the new string rather than editing in place; the original discarded it, so nothing was removed
            $var = str_replace('+', '', $var); // there's no need for a + in the ints I will be using
            $var = str_replace('-', '', $var); // once again, no need for a - in the ints I will be using
            $var = str_replace('.', '', $var); // if I need decimal points I will use float instead of int
        }
        if ($type == 'float') { // if type is set to float run this
            $check = filter_var($var, FILTER_VALIDATE_FLOAT); // check if the var is a valid float
            if ($check === false) { // if var is NOT a valid float continue to sanitize
                // FILTER_FLAG_ALLOW_FRACTION is needed, otherwise the sanitizer strips the decimal point too
                $var = filter_var($var, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); // sanitize the var so it becomes a valid float
            }
            $var = str_replace('+', '', $var); // once again, no need for + signs
            $var = str_replace('-', '', $var); // no need for - signs
        }
        if ($type == 'email') { // if type is set to email run this
            $check = filter_var($var, FILTER_VALIDATE_EMAIL); // check if var is a valid email
            if ($check === false) { // continues to sanitize if not a valid email
                $var = filter_var($var, FILTER_SANITIZE_EMAIL); // sanitize to make valid email
                // need to add extra here just in case of 'false-positives'
            }
        }
        if ($type == 'ip') { // if type is set to ip run this
            $check = filter_var($var, FILTER_VALIDATE_IP); // checks IP against both IPv4 and IPv6
            if ($check === false) { // if not v4 or v6 compliant IP, continues to sanitize
                $var = str_replace(':', '.', $var); // temporarily turn IPv6 ':' separators into '.' so one whitelist handles both forms
                // FILTER_SANITIZE_NUMBER_INT (used originally) strips '.' as well as ':', so the separators were lost;
                // a character whitelist that keeps digits, hex digits and '.' is used instead
                $var = preg_replace('/[^0-9a-fA-F.]/', '', $var);
                if (strlen($var) > 15) { // standard IP (IPv4) is no longer than 15 chars (000.000.000.000), so assuming IPv6 is much longer, continue
                    $var = str_replace('.', ':', $var); // if it's an IPv6 address (2001:0db8:85a3:08d3:1319:8a2e:0370:7334) then replace all the .'s we changed earlier back to :'s
                }
            }
        }
        if ($type == 'boolean') { // if type is set to boolean run this
            // check to see if it's a valid boolean true/false, 0/1, yes/no etc. FILTER_NULL_ON_FAILURE is required to get NULL
            // for an unrecognised value; without it "false"/"no"/"0" and garbage both come back as false and cannot be told apart
            $check = filter_var($var, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            if ($check === null) { // if returns NULL continue
                $var = ''; // give var value of nothing, meaning if done correctly the method/function/query won't go ahead due to lack of input
            }
        }
        return $var; // return the final var
    } // end function filterall
}
```
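The function above falls back to sanitizing whenever validation fails, so "12abc" quietly becomes 12 and the caller never learns the input was bad. The following is an added example, not code from the original post, showing the alternative with the same filter extension: name every filter and flag once in a definition array (which also answers the "flags are a pain to remember" complaint), use FILTER_NULL_ON_FAILURE so that 0, 0.0 and false are distinguishable from a failure, and reject the request instead of repairing it. The names $definition, validate_request() and the sample arrays are this example's own.

```php
<?php
// Added example, not code from the original post. It uses the same filter
// extension but validates and rejects instead of sanitizing on failure.
// $definition, validate_request() and the sample arrays are this example's own.
declare(strict_types=1);

// Every filter, flag and option is named once here, so callers never have to
// remember the constants. FILTER_NULL_ON_FAILURE makes "failed" distinct from
// legitimate falsy values such as 0, 0.0 or boolean false.
$definition = [
    'name'   => ['filter'  => FILTER_VALIDATE_REGEXP,
                 'flags'   => FILTER_NULL_ON_FAILURE,
                 'options' => ['regexp' => '/^[\p{L} .\'-]{1,60}$/u']],
    'age'    => ['filter'  => FILTER_VALIDATE_INT,
                 'flags'   => FILTER_NULL_ON_FAILURE,
                 'options' => ['min_range' => 0, 'max_range' => 150]],
    'price'  => ['filter' => FILTER_VALIDATE_FLOAT,   'flags' => FILTER_NULL_ON_FAILURE],
    'email'  => ['filter' => FILTER_VALIDATE_EMAIL,   'flags' => FILTER_NULL_ON_FAILURE],
    'ip'     => ['filter' => FILTER_VALIDATE_IP,      'flags' => FILTER_NULL_ON_FAILURE],
    'active' => ['filter' => FILTER_VALIDATE_BOOLEAN, 'flags' => FILTER_NULL_ON_FAILURE],
];

/**
 * Run every field through its filter and report which ones failed.
 * A null result means the field was missing or did not validate; the
 * caller should refuse the whole request rather than repair the value.
 */
function validate_request(array $input, array $definition): array
{
    $filtered = filter_var_array($input, $definition, true);
    $errors   = [];
    foreach (array_keys($definition) as $field) {
        if (!isset($filtered[$field])) {   // isset() is false for null
            $errors[] = $field;
        }
    }
    return ['data' => $filtered, 'errors' => $errors];
}

// Constructed sample input, standing in for $_POST.
$good = ['name' => 'Ada Lovelace', 'age' => '0', 'price' => '19.99',
         'email' => 'ada@example.com', 'ip' => '2001:db8::1', 'active' => 'no'];
$bad  = ['name' => '<b> hello </b>', 'age' => '12abc', 'price' => '1,5',
         'email' => 'not-an-email', 'ip' => '999.1.1.1', 'active' => 'maybe'];

$ok = validate_request($good, $definition);
// age "0" validates to int 0 and active "no" to false: both are accepted,
// whereas a loose == false or == NULL check would have treated them as failures.
var_dump($ok['errors'] === [], $ok['data']['age'] === 0, $ok['data']['active'] === false);

$rejected = validate_request($bad, $definition);
// Nothing is "repaired": "12abc" is not quietly turned into 12, and the
// request is refused with the list of offending fields.
var_dump($rejected['errors']); // name, age, price, email, ip, active

// Encoding belongs at output time, for the context the value is used in,
// not in the input filter. Here the validated name is emitted into HTML.
echo '<p>' . htmlspecialchars($ok['data']['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</p>\n";
```

The design point is that validation answers "is this value acceptable?" and output encoding answers "how must this value be written into HTML, SQL, a shell command, and so on?"; a single input-time sanitizer such as filterall() cannot answer the second question because it does not know where the value will end up.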
January 4, 2010
Sweet dude, I'm lovin' this WordPress biz. I need to know how to manage what posts go on the main page though, so I'm trying to suss out the loop. Lata