PHP Tutorial #24 Filters Part 2 " FILTER_SANITIZE "

Repository

https://github.com/php/php-src 

What Will I Learn?

  • You will learn "FILTER_SANITIZE_EMAIL" and "FILTER_SANITIZE_ENCODED".
  • You will learn "FILTER_SANITIZE_MAGIC_QUOTES" and "FILTER_SANITIZE_NUMBER_FLOAT".
  • You will learn "FILTER_SANITIZE_NUMBER_INT" and "FILTER_SANITIZE_SPECIAL_CHARS".
  • You will learn "FILTER_SANITIZE_STRING" and "FILTER_SANITIZE_URL".

Requirements

System Requirements:
OS Support for PHP
  • Windows
  • macOS
  • Linux

Required Knowledge

  • HTML language
  • CSS language

Difficulty

  • Intermediate

Description

In this tutorial we will learn the second part of "filters". In the previous tutorial we learned the "FILTER_VALIDATE" filters; today we take the "FILTER_SANITIZE" filters.

The idea is that a "FILTER_VALIDATE" filter tests whether the value entered by the user has the expected form (a well-formed e-mail address, an integer that fits the database column, and so on) and returns false if it does not.

A "FILTER_SANITIZE" filter, on the other hand, does not reject the value: it removes (or encodes) every character that does not belong to that type and returns what is left.

Since we want to reduce the user's mistakes as much as possible before validating, we sanitize the input first and validate the result afterwards. Sanitizing alone is never enough: a sanitized value can still be invalid (for example "1.2.3" after a number filter), so the validate step must always follow.

PHP offers 11 sanitize filters; we will look at 8 important ones with their flags and their use.

FILTER_SANITIZE_EMAIL, FILTER_SANITIZE_MAGIC_QUOTES and FILTER_SANITIZE_URL

Before using the validation filters, as we have already said, we want to reduce the rate of mistakes by using the cleaning filters first. For that we have "FILTER_SANITIZE_EMAIL", which removes every character except letters, digits and the characters !#$%&'*+-=?^_`{|}~@.[] , to return a cleaned e-mail address.

We also have "FILTER_SANITIZE_URL", which removes every character except letters, digits and the characters $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&= , to clean a URL. Note that this set still allows < > " and ; so the result is not safe to echo into HTML; it is only a cleaned value to hand to "FILTER_VALIDATE_URL" next.

Finally we have "FILTER_SANITIZE_MAGIC_QUOTES", which applies the rules of the "addslashes()" function: it adds a backslash before each of these characters:

  • single quotation mark (')
  • double quotation mark (")
  • backslash (\)
  • NUL byte

This filter was deprecated in PHP 7.3, where "FILTER_SANITIZE_ADD_SLASHES" replaces it, and removed in PHP 8.0. Adding slashes is not a defence against SQL injection: for database queries use prepared statements with bound parameters.
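The following is an added example, not code from the original tutorial or its repository. It shows the sanitize-then-validate order for an e-mail address and a URL, then the quote filter, using only the PHP filter extension; the sample inputs are constructed, and the helper names (cleanEmail, cleanUrl) are this example's own.

```php
<?php
// Added example (not from the original tutorial): sanitize first, then validate.
// Helper names and sample inputs are constructed for this illustration.
declare(strict_types=1);

/**
 * Sanitize then validate an e-mail address.
 * Returns the cleaned address, or null if the cleaned value is still not valid.
 */
function cleanEmail(string $raw): ?string
{
    // Step 1: drop every character that cannot occur in an e-mail address.
    $sanitized = filter_var($raw, FILTER_SANITIZE_EMAIL);
    // Step 2: sanitizing never guarantees validity, so validate the result.
    $valid = filter_var($sanitized, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/**
 * Sanitize then validate a URL, and additionally restrict the scheme:
 * FILTER_VALIDATE_URL only checks the shape of the URL, not whether the
 * application should accept that scheme (e.g. "javascript:" or "file:").
 */
function cleanUrl(string $raw): ?string
{
    $sanitized = filter_var($raw, FILTER_SANITIZE_URL);
    $valid = filter_var($sanitized, FILTER_VALIDATE_URL);
    if ($valid === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($valid, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $valid : null;
}

// Constructed sample inputs
$emails = [
    'user@example.com',
    'us er@exam ple.com',      // stray spaces are removed by FILTER_SANITIZE_EMAIL
    '<b>bob</b>@example.com',  // angle brackets and slashes are removed
    'not an email',            // survives sanitizing, rejected by validation
];
foreach ($emails as $e) {
    var_dump(cleanEmail($e));
}

$urls = [
    'https://example.com/path?q=1',
    'http://exa mple.com/',    // space removed by FILTER_SANITIZE_URL
    'javascript:alert(1)',     // rejected by the scheme check above
];
foreach ($urls as $u) {
    var_dump(cleanUrl($u));
}

// The quote filter. FILTER_SANITIZE_MAGIC_QUOTES was removed in PHP 8.0;
// FILTER_SANITIZE_ADD_SLASHES (PHP >= 7.3) is the same addslashes() behaviour.
$quoteFilter = defined('FILTER_SANITIZE_ADD_SLASHES')
    ? FILTER_SANITIZE_ADD_SLASHES
    : FILTER_SANITIZE_MAGIC_QUOTES;
var_dump(filter_var("O'Reilly \"quoted\" back\\slash", $quoteFilter));

// Caveat: backslash-escaping is NOT an SQL-injection defence. The query must
// use a prepared statement with bound parameters instead, e.g. with PDO:
//   $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
//   $stmt->execute([':name' => $rawName]);
```

Run it from the command line with `php sanitize_email_url.php` (any file name works). The scheme check in cleanUrl is the point a practitioner should not skip: FILTER_VALIDATE_URL accepts any scheme that parses, so a URL that will be placed in a link must also be restricted to the schemes the application expects.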

FILTER_SANITIZE_NUMBER_FLOAT and FILTER_SANITIZE_NUMBER_INT

In the previous tutorial we learned how to validate whether the value entered by the user is a correct number, with both possibilities, float and int. In this tutorial we will learn how to sanitize the value so that only the characters of a number remain, using "FILTER_SANITIZE_NUMBER_FLOAT", which by default keeps only digits and the signs + and -, together with these flags:

  • FILTER_FLAG_ALLOW_FRACTION: also keep the decimal point (.)
  • FILTER_FLAG_ALLOW_THOUSAND: also keep the thousands separator (,)
  • FILTER_FLAG_ALLOW_SCIENTIFIC: also keep the exponent letters e and E

And also "FILTER_SANITIZE_NUMBER_INT", which removes every character except digits and the signs + and -. Note that the result may still not be a valid number (for example "1.2.3" or "--5" survive sanitizing), which is why the value must still be validated afterwards.
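As an added example (not from the original tutorial or its repository), the block below runs one input through FILTER_SANITIZE_NUMBER_INT and FILTER_SANITIZE_NUMBER_FLOAT with each flag combination so the differences are visible side by side, then shows a sanitize-then-validate helper for a price field. The sample inputs and the helper names (sanitizeNumberVariants, parsePrice) are constructed for this illustration.

```php
<?php
// Added example (not from the original tutorial): number sanitizers and their
// flags, followed by the validate step that must come after sanitizing.
// Helper names and sample inputs are constructed for this illustration.
declare(strict_types=1);

/**
 * Returns the sanitized form of $raw under each flag combination.
 */
function sanitizeNumberVariants(string $raw): array
{
    return [
        // digits, + and - only
        'int' => filter_var($raw, FILTER_SANITIZE_NUMBER_INT),
        // without flags the float filter behaves like the int one: '.' is removed
        'float_no_flags' => filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT),
        // keep the decimal point
        'float_fraction' => filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT,
            FILTER_FLAG_ALLOW_FRACTION),
        // keep the decimal point and the thousands separator
        'float_thousand' => filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT,
            FILTER_FLAG_ALLOW_FRACTION | FILTER_FLAG_ALLOW_THOUSAND),
        // keep the decimal point and the exponent letters e/E
        'float_scientific' => filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT,
            FILTER_FLAG_ALLOW_FRACTION | FILTER_FLAG_ALLOW_SCIENTIFIC),
    ];
}

/**
 * Sanitize, then validate, a price-like field.
 * Sanitizing removes junk such as currency symbols, but it can still leave
 * something that is not a number ("1.2.3", "--5"), so FILTER_VALIDATE_FLOAT
 * decides. The range check is the business rule the filters know nothing about.
 */
function parsePrice(string $raw, float $max = 1000000.0): ?float
{
    $clean = filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT,
        FILTER_FLAG_ALLOW_FRACTION | FILTER_FLAG_ALLOW_THOUSAND);
    // FILTER_VALIDATE_FLOAT also understands the thousands separator when asked to.
    $value = filter_var($clean, FILTER_VALIDATE_FLOAT, FILTER_FLAG_ALLOW_THOUSAND);
    if ($value === false || $value < 0 || $value > $max) {
        return null;
    }
    return $value;
}

// Constructed sample inputs
foreach (['1,234.56', '$ 99.99 USD', '3e5', '1.2.3', '-7', '--5', 'abc'] as $raw) {
    echo $raw, ' => ', json_encode(sanitizeNumberVariants($raw)), PHP_EOL;
    echo '    parsePrice: ', var_export(parsePrice($raw), true), PHP_EOL;
}
```

The point to take from the output is that the sanitizers only remove characters; they do not check that what remains is a number, so a value such as "--5" or "1.2.3" passes through the sanitizer unchanged and is only rejected by the validate call in parsePrice.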

FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_STRING and FILTER_SANITIZE_SPECIAL_CHARS

For the security of your site, when user text has to be placed in a page or in a URL, you can use "FILTER_SANITIZE_ENCODED", which URL-encodes the string (letters, digits and -._ stay, everything else becomes a %XX sequence), or "FILTER_SANITIZE_SPECIAL_CHARS", which HTML-encodes the characters ' " < > & and the control characters below ASCII 32 as numeric entities, so that HTML tags and scripts in the input are displayed as text instead of being executed.

"FILTER_SANITIZE_STRING" goes further: it strips the HTML tags and encodes the quotes, so if you pass JavaScript or HTML code it returns only the text. Be careful with it: stripping tags is not a complete protection against XSS (text with no tag around it, such as an event-handler attribute, survives and is dangerous in an attribute context), the filter is deprecated since PHP 8.1, and the real defence is to encode the value at the moment of output with "htmlspecialchars()" for the context in which it is placed.

They have several common flags:

  • FILTER_FLAG_NO_ENCODE_QUOTES: do not encode ' and " (used by FILTER_SANITIZE_STRING, not by ENCODED or SPECIAL_CHARS)
  • FILTER_FLAG_STRIP_LOW: remove characters with an ASCII value below 32
  • FILTER_FLAG_STRIP_HIGH: remove characters with an ASCII value above 127
  • FILTER_FLAG_STRIP_BACKTICK: remove backtick characters
  • FILTER_FLAG_ENCODE_LOW: encode characters with an ASCII value below 32
  • FILTER_FLAG_ENCODE_HIGH: encode characters with an ASCII value above 127
  • FILTER_FLAG_ENCODE_AMP: encode & (used by FILTER_SANITIZE_STRING, not by ENCODED or SPECIAL_CHARS)

The effect of these filters is only visible in the page source: the browser renders &lt;script&gt; as the text <script>, so open the source code of the page to see the entities that were produced.
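The block below is an added example, not code from the original tutorial or its repository. It runs constructed XSS-style payloads through FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS (with and without FILTER_FLAG_ENCODE_HIGH), FILTER_SANITIZE_FULL_SPECIAL_CHARS and, on PHP versions where it is not deprecated, FILTER_SANITIZE_STRING, and then shows output encoding with htmlspecialchars(), which is the defence the text above recommends. The helper names (sanitizeTextVariants, renderComment) and the payloads are this example's own.

```php
<?php
// Added example (not from the original tutorial): compare the text sanitizers on
// script-like input, then encode at output time. Helper names and payloads are
// constructed for this illustration.
declare(strict_types=1);

/** Apply the text sanitizers to one input so the results can be compared. */
function sanitizeTextVariants(string $raw): array
{
    $out = [
        // Percent-encodes everything except letters, digits and -._ :
        // suitable for a query-string parameter, not for HTML.
        'encoded' => filter_var($raw, FILTER_SANITIZE_ENCODED),
        // HTML-encodes ' " < > & and control characters (< 32) as numeric entities.
        'special_chars' => filter_var($raw, FILTER_SANITIZE_SPECIAL_CHARS),
        // Same, and also encodes bytes above 127 (useful if the output charset is unknown).
        'special_high' => filter_var($raw, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_ENCODE_HIGH),
        // Equivalent of htmlspecialchars(): the one to prefer among the sanitizers.
        'full_special' => filter_var($raw, FILTER_SANITIZE_FULL_SPECIAL_CHARS),
    ];
    // FILTER_SANITIZE_STRING (strip tags, encode quotes) is deprecated since PHP 8.1,
    // so only use it on older versions; strip_tags() + htmlspecialchars() replace it.
    if (PHP_VERSION_ID < 80100) {
        $out['string'] = filter_var($raw, FILTER_SANITIZE_STRING);
        $out['string_keep_quotes'] = filter_var($raw, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
    }
    return $out;
}

/**
 * The rule that actually prevents XSS: keep the stored value as it is and encode
 * at the point of output for the context it lands in. Here the context is an
 * HTML text node inside a quoted attribute-free element; a different context
 * (attribute value, JavaScript string, URL) needs its own encoder.
 */
function renderComment(string $storedComment): string
{
    return '<p class="comment">'
        . htmlspecialchars($storedComment, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</p>';
}

// Constructed sample payloads
$payloads = [
    '<script>alert(1)</script>',
    '<img src=x onerror=alert(1)>',
    // No tag at all: every sanitizer above leaves this untouched, yet placed into
    // an unquoted attribute it would still execute. Context decides, not the filter.
    'x onmouseover=alert(1) y',
    "Tom & Jerry's \"show\" \x01 caf\xc3\xa9",
];
foreach ($payloads as $p) {
    echo 'INPUT: ', $p, PHP_EOL;
    foreach (sanitizeTextVariants($p) as $name => $value) {
        printf("  %-20s %s\n", $name, $value);
    }
    printf("  %-20s %s\n\n", 'rendered', renderComment($p));
}
```

Compare the third payload across the variants: none of the sanitizers change it, because it contains no special character, which is exactly why input sanitizing cannot replace output encoding chosen for the HTML context.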

Proof of Work Done

https://github.com/alexendre-maxim/PHP-Tutorial/blob/master/sanitize.html

https://github.com/alexendre-maxim/PHP-Tutorial/blob/master/sanitize.php
