View Full Version : questions about php filters and forms

10 Jun 2011, 06:46 PM
There are some questions I have about filters; I found a lesson about them on w3schools.

1- Do filter sanitize and validate replace stripslashes and mysql_real_escape_string, or should I use all of them for more security?

2- When I try to practice, I use the options min_range & max_range in VALIDATE_INT and it doesn't work; also for sanitize, when I put in a URL or email with special characters in it, it isn't sanitized.

code filter treatment

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<?php
$url = "http://www.gôooglée.com/";

// Remove characters that are not allowed in a URL
if ($url = filter_var($url, FILTER_SANITIZE_URL))
    echo "<p>URL IS sanitized now $url</p>";

// Check that the sanitized string is a well-formed URL
if ($url = filter_var($url, FILTER_VALIDATE_URL))
    echo "<p>URL est valide $url</p>";
else
    echo "URL is not valid $url";

$filters = array(

// Run the filters only when all three GET parameters are present
if (filter_has_var(INPUT_GET, 'mail') && filter_has_var(INPUT_GET, 'age') && filter_has_var(INPUT_GET, 'prenom'))
{
    $validation = filter_input_array(INPUT_GET, $filters);

    if (!$validation['prenom'])
        echo "<p>prenom is not valid</p>";
    elseif (!$validation['age'])
        echo "<p>age is not valid it could be not betweene 10 - 60 or the input is not integer</p>";
    elseif (!$validation['mail'])
        echo "<p>email is not valid</p>";
    else
        echo "<p>All inputs are valide</p>";
}
?>

code page of link

<a href="test.filter.php?prenom=OR-&age=70&mail=golg@nice.com">test filtr</a>

3- What is the best way to use in forms? I found a lot of examples and a lot of ways. Can someone give a simple, secure PHP code? (I use md5, stripslashes, real_escape_string in my forms.)

thank you
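
An added example, not part of the original post: filter definitions for the three GET parameters in the link above, with min_range/max_range nested under the 'options' key, followed by a bound-parameter insert. The helper name check_inputs(), the prenom pattern, the users table and the in-memory SQLite database (needs the pdo_sqlite extension) are assumptions made for the illustration.

```php
<?php
// Added example; check_inputs(), the prenom rule and the users table are assumptions.

function check_inputs(array $input): array
{
    $filters = array(
        'prenom' => array(
            'filter'  => FILTER_VALIDATE_REGEXP,
            // Assumed rule: 1-50 letters, spaces, apostrophes or hyphens.
            'options' => array('regexp' => "/^[\\p{L}][\\p{L} '-]{0,49}$/u"),
        ),
        'age' => array(
            'filter'  => FILTER_VALIDATE_INT,
            // min_range/max_range are only read from inside 'options'.
            'options' => array('min_range' => 10, 'max_range' => 60),
        ),
        'mail' => FILTER_VALIDATE_EMAIL,
    );

    // Each key becomes the filtered value, false (failed) or null (key absent).
    $result = filter_var_array($input, $filters);

    $errors = array();
    foreach ($result as $name => $value) {
        // Compare strictly: a loose !$value would also reject a valid 0.
        if ($value === false || $value === null) {
            $errors[] = $name;
        }
    }
    return array($result, $errors);
}

// Constructed input mirroring the link in the post (age=70 is out of range).
list($clean, $errors) = check_inputs(
    array('prenom' => 'OR-', 'age' => '70', 'mail' => 'golg@nice.com')
);
var_dump($clean, $errors);

// Validated values still reach the database as bound parameters, because
// a valid name such as O'Brien contains a quote character.
$pdo = new PDO('sqlite::memory:');   // in-memory database for the demo
$pdo->exec('CREATE TABLE users (prenom TEXT, age INTEGER, mail TEXT)');
$stmt = $pdo->prepare('INSERT INTO users (prenom, age, mail) VALUES (?, ?, ?)');
if (!$errors) {
    $stmt->execute(array($clean['prenom'], $clean['age'], $clean['mail']));
}
```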