
questions about php filters and forms



channark
10 Jun 2011, 06:46 PM
Hello,
There are some questions I have about filters; I found a lesson about them on w3schools.

1- Do filter sanitize and validate replace stripslashes and mysql_real_escape_string, or should I use all of them for more security?

2- When I try to practice, I use the options min_range & max_range in VALIDATE_INT and it doesn't work; also for sanitize, when I put a URL or an email and put special characters into it, it doesn't get sanitized.

Code of the filter-handling page:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>titre</title>
</head>

<body>
<?php
$url = "http://www.gôooglée.com/";

// FILTER_SANITIZE_URL only removes characters that are not allowed in a URL
// (here the accented letters); it does not check that the result is a URL.
$sanitized = filter_var($url, FILTER_SANITIZE_URL);
if ($sanitized !== false)
{
    echo "<p>URL is sanitized now: " . htmlspecialchars($sanitized) . "</p>";

    // FILTER_VALIDATE_URL returns the URL on success and false on failure,
    // so test the result instead of assigning it back into $sanitized inside
    // the condition (otherwise the error message would print an empty value).
    if (filter_var($sanitized, FILTER_VALIDATE_URL) !== false)
    {
        echo "<p>URL is valid: " . htmlspecialchars($sanitized) . "</p>";
    }
    else
    {
        echo "<p>URL is not valid: " . htmlspecialchars($sanitized) . "</p>";
    }
}

$filters = array(
    'prenom' => array(
        // FILTER_SANITIZE_STRING strips tags; it is deprecated as of PHP 8.1.
        'filter' => FILTER_SANITIZE_STRING,
    ),
    'age' => array(
        'filter' => FILTER_VALIDATE_INT,
        // The key must be 'options' (plural). With the misspelled key 'option'
        // the range is silently ignored and age=70 passes as a valid integer.
        'options' => array(
            "min_range" => 10,
            "max_range" => 60,
        ),
    ),
    'mail' => array(
        'filter' => FILTER_VALIDATE_EMAIL,
    ),
);

if (filter_has_var(INPUT_GET, 'mail') && filter_has_var(INPUT_GET, 'age') && filter_has_var(INPUT_GET, 'prenom'))
{
    $validation = filter_input_array(INPUT_GET, $filters);

    // A validation filter returns false when the value is rejected; compare
    // with === so that a legitimate value such as 0 or "0" is not mistaken
    // for a failure.
    if ($validation['prenom'] === false || $validation['prenom'] === '')
    {
        echo "<p>prenom is not valid</p>";
    }
    elseif ($validation['age'] === false)
    {
        echo "<p>age is not valid: it is either not between 10 and 60 or not an integer</p>";
    }
    elseif ($validation['mail'] === false)
    {
        echo "<p>email is not valid</p>";
    }
    else
    {
        echo "<p>All inputs are valid</p>";
    }
}
?>
</body>
</html>


Code of the page with the link:


<body>
<a href="test.filter.php?prenom=OR-&age=70&mail=golg@nice.com">test filter</a>
</body>



3- What is the best way to handle forms? Because I found a lot of examples and a lot of ways, can someone give a simple, secure PHP code example? (I use md5, stripslashes and real_escape_string in my forms.)

Thank you
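The following is an added example, not code from the original post, that separates the three jobs the questions above run together: validating input with the filter extension (the key is 'options', plural; a misspelled key is ignored without any error, which is why a range check under 'option' never runs), passing data to the database with a PDO prepared statement instead of mysql_real_escape_string(), and escaping on output with htmlspecialchars(). It also uses password_hash() in place of md5(), on the assumption that the md5 mentioned in the post is applied to passwords. stripslashes() only undid magic_quotes, which was removed in PHP 5.4, so nothing here calls it. The sample input array, the DSN, the users table and its columns are assumptions for illustration; filter_var_array() stands in for filter_input_array() so the script can run from the command line without a request, and with the constructed age of 70 it stops at the validation error before touching the database.

```php
<?php
// Added example (not code from the original post). Table, column names and
// DSN are assumptions; the $sample array is constructed input standing in
// for $_GET.
declare(strict_types=1);

$sample = ['prenom' => 'OR-', 'age' => '70', 'mail' => 'golg@nice.com', 'password' => 'hunter2'];

$filters = [
    // Validate instead of sanitize: the regular expression states exactly what a
    // first name may contain (letters, spaces, apostrophes, hyphens, 1-50 chars).
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1.
    'prenom' => [
        'filter'  => FILTER_VALIDATE_REGEXP,
        'options' => ['regexp' => '/^[\p{L}][\p{L} \'-]{0,49}$/u'],
    ],
    'age' => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 10, 'max_range' => 60],   // 'options', not 'option'
    ],
    'mail' => [
        'filter' => FILTER_VALIDATE_EMAIL,
    ],
    'password' => [
        'filter' => FILTER_UNSAFE_RAW,   // left untouched: it is hashed, never echoed or put in SQL
    ],
];

/**
 * Runs the filter definition over the input and returns [cleanValues, invalidFieldNames].
 * filter_var_array() uses the same definition format as filter_input_array().
 * A rejected value is false, a missing field is null (add_empty = true); both are
 * treated as errors, so a legitimate "0" is judged by its filter, not by truthiness.
 */
function validateForm(array $input, array $filters): array
{
    $clean  = filter_var_array($input, $filters, true);
    $errors = [];
    foreach (array_keys($filters) as $name) {
        if ($clean[$name] === false || $clean[$name] === null || $clean[$name] === '') {
            $errors[] = $name;
        }
    }
    return [$clean, $errors];
}

[$clean, $errors] = validateForm($sample, $filters);

if ($errors !== []) {
    // Output escaping: anything echoed into HTML goes through htmlspecialchars().
    echo '<p>Invalid fields: ' . htmlspecialchars(implode(', ', $errors), ENT_QUOTES, 'UTF-8') . "</p>\n";
    exit(1);
}

// Database: the prepared statement keeps SQL and data apart, so the values
// need no escaping function at all. DSN, credentials and table are assumed.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // let the server prepare the statement natively
]);
$stmt = $pdo->prepare('INSERT INTO users (prenom, age, mail, password_hash) VALUES (?, ?, ?, ?)');
$stmt->execute([
    $clean['prenom'],
    $clean['age'],
    $clean['mail'],
    password_hash($clean['password'], PASSWORD_DEFAULT),   // salted, slow hash instead of md5()
]);

echo '<p>Welcome, ' . htmlspecialchars($clean['prenom'], ENT_QUOTES, 'UTF-8') . "</p>\n";
```

Change the constructed age to a value between 10 and 60 to reach the database branch; validation failures are reported per field name rather than by echoing the rejected value, so nothing attacker-controlled is written into the page unescaped.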