PHP Data Sanitization w/ Filter

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded easily into HTML. PHP is particularly well designed for dynamic Web applications, server-side scripting and database interaction. However, the very ease of accessing data stores and presenting dynamic information to users can lead to serious security risks whenever user input is involved.

Data sanitization is a simple means of taking any data input by a user and filtering out any content your application is not expecting (and that you want to avoid!). Never trust that the data a user inputs will be accurate and harmless. PHP 5.2.0 ships with the filter extension, whose filter_var() and related functions provide basic validation and sanitizing of specific types of data, selected by the filter constant passed as an argument:

<?php

$myIPaddress = "10.10.141.3";

// filter_var() returns the validated value on success and false on failure.
// Note that the variable passed in must be the one being checked ($myIPaddress).
if (filter_var($myIPaddress, FILTER_VALIDATE_IP) !== false) {
     echo $myIPaddress." is a valid IP address";
} else {
     echo $myIPaddress." is not a valid IP address";
}
?>

This basic call checks the variable $myIPaddress with the FILTER_VALIDATE_IP filter to ensure it holds a valid IP address; filter_var() returns the value itself when it passes and false when it does not. Performing these checks against user-supplied data arriving via the $_GET or $_POST superglobal arrays is an absolute necessity for every user input field in an application. The filter functions provide standard data filtering, saving the time and effort of writing (and getting wrong) custom functions to filter data.
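The following is an added example, not code from the original post, showing how the same filter functions validate an entire request at once. The field names and the sample request array are constructed for the demo; in a real handler the input array would be $_GET or $_POST (or you would call filter_input() on the raw superglobal). It goes beyond the single IP check above by combining several filters, range options, and a scheme allowlist that the URL filter alone does not give you.

```php
<?php
// Added example (not from the original post): validating a whole request with
// PHP's filter extension. Field names and the sample request are constructed
// for the demo; a real handler would pass $_GET or $_POST to validate_request().

function validate_request(array $input): array
{
    // One filter definition per expected field. Fields that are not listed here
    // are dropped by filter_var_array(), so the application never sees
    // parameters it did not ask for.
    $definition = [
        // Accept only syntactically valid IPv4 addresses.
        'ip'    => ['filter' => FILTER_VALIDATE_IP, 'flags' => FILTER_FLAG_IPV4],
        // Integer within a bounded range; "3" becomes int(3), "3abc" fails.
        'page'  => ['filter'  => FILTER_VALIDATE_INT,
                    'options' => ['min_range' => 1, 'max_range' => 1000]],
        'email' => FILTER_VALIDATE_EMAIL,
        // Syntactic URL check only; the scheme allowlist below is a separate step.
        'url'   => FILTER_VALIDATE_URL,
    ];

    // filter_var_array() returns false for a field that fails its filter and
    // null for a field that was not present in the input at all.
    $filtered = filter_var_array($input, $definition);

    $clean  = [];
    $errors = [];
    foreach ($filtered as $field => $value) {
        if ($value === null) {
            $errors[$field] = 'missing';
        } elseif ($value === false) {
            $errors[$field] = 'rejected by filter';
        } else {
            $clean[$field] = $value;
        }
    }

    // FILTER_VALIDATE_URL accepts any scheme that carries a host (ftp://,
    // gopher://, ...), so an application that will follow or embed the URL
    // still needs its own allowlist of acceptable schemes.
    if (isset($clean['url'])) {
        $scheme = strtolower((string) parse_url($clean['url'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $errors['url'] = 'scheme not allowed: ' . $scheme;
            unset($clean['url']);
        }
    }

    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed sample request standing in for $_GET / $_POST.
$request = [
    'ip'    => '10.10.141.3',
    'page'  => '3',
    'email' => 'alice at example.com',      // not an e-mail address
    'url'   => 'ftp://files.example.com/x', // well-formed URL, disallowed scheme
    'debug' => '1',                         // not in the definition: dropped
];

$result = validate_request($request);

// Validated values are safe to use in application logic, but output encoding
// is still a separate concern: anything echoed into HTML goes through
// htmlspecialchars() regardless of how it was validated.
foreach ($result['clean'] as $field => $value) {
    echo $field, ' = ', htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'), "\n";
}
foreach ($result['errors'] as $field => $reason) {
    echo $field, ': ', $reason, "\n";
}
```

Two design points worth noting: every comparison against the filter result uses `=== false`, because a legitimately validated value such as the integer 0 or an empty string is falsy in PHP and a loose `if (!$value)` check would reject it; and without a flag, FILTER_VALIDATE_IP accepts both IPv4 and IPv6, so pass FILTER_FLAG_IPV4 or FILTER_FLAG_IPV6 (and, where the address must be public, FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE) to state exactly what the application is prepared to handle.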

There are many variations of these functions to check various types of data. Visit http://www.w3schools.com/PHP/filter_validate_ip.asp for more information on specific syntax.
