Sanitization

Example #1 Sanitizing and validating email addresses

<?php
$a = 'joe@example.org';
$b = 'bogus - at - example dot org';
$c = '(bogus@example.org)';

// Sanitize first (strips characters not allowed in an email address), then validate.
$sanitized_a = filter_var($a, FILTER_SANITIZE_EMAIL);
if (filter_var($sanitized_a, FILTER_VALIDATE_EMAIL)) {
    echo "Cette (a) adresse email nettoyée est considérée comme valide.\n";
}

$sanitized_b = filter_var($b, FILTER_SANITIZE_EMAIL);
if (filter_var($sanitized_b, FILTER_VALIDATE_EMAIL)) {
    echo "Cette (b) adresse email nettoyée est considérée comme valide.\n";
} else {
    echo "Cette (b) adresse email nettoyée est considérée comme invalide.\n";
}

// The parentheses are removed by sanitization, so the result validates.
$sanitized_c = filter_var($c, FILTER_SANITIZE_EMAIL);
if (filter_var($sanitized_c, FILTER_VALIDATE_EMAIL)) {
    echo "Cette (c) adresse email nettoyée est considérée comme valide.\n";
    echo "Avant : $c\n";
    echo "Après :  $sanitized_c\n";
}
?>

The above example will output:

Cette (a) adresse email nettoyée est considérée comme valide.
Cette (b) adresse email nettoyée est considérée comme invalide.
Cette (c) adresse email nettoyée est considérée comme valide.
Avant : (bogus@example.org)
Après :  bogus@example.org
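
A stricter variant of Example #1, added here as an illustration and not part of the manual's own code: it validates the raw input and reports when only the sanitized form passes, so that an address the user never typed is not silently accepted. The helper name check_email() and the fourth sample input are constructed for this example.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the PHP manual): classify an email input by
 * validating the raw string and comparing it with its sanitized form.
 *
 * @return array{status: string, raw: string, sanitized: string}
 */
function check_email(string $raw): array
{
    $sanitized = (string) filter_var($raw, FILTER_SANITIZE_EMAIL);

    if (filter_var($raw, FILTER_VALIDATE_EMAIL) !== false) {
        // The input passes validation exactly as submitted.
        $status = 'valid';
    } elseif ($sanitized !== $raw
        && filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false) {
        // Only the rewritten string validates: sanitization changed the input.
        $status = 'valid-only-after-sanitizing';
    } else {
        $status = 'invalid';
    }

    return ['status' => $status, 'raw' => $raw, 'sanitized' => $sanitized];
}

// Constructed sample inputs; the first three are the values from Example #1.
$inputs = [
    'joe@example.org',
    'bogus - at - example dot org',
    '(bogus@example.org)',
    'joe@exam ple.org',
];

foreach ($inputs as $input) {
    $r = check_email($input);
    // json_encode() makes whitespace and control characters in the raw value visible.
    printf("%-32s => %-28s (sanitized: %s)\n",
        json_encode($r['raw']), $r['status'], $r['sanitized']);
}
```

Rejecting or flagging the `valid-only-after-sanitizing` case, rather than storing the rewritten address, keeps the stored value identical to what was submitted.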

Example #2 Configuring the default filter

filter.default = full_special_chars
filter.default_flags = 0

User Contributed Notes 1 note

zeeshan dot karamat dot abbas at gmail dot com
1 month ago
If we omit the filter, then PHP by default applies FILTER_DEFAULT, which will use the default filter. Now the question is: what is the default filter? The default filter is unsafe_raw, which will allow unsafe raw data to be passed on to the server. This value is available in the php.ini file. It is suggested that a developer should update this value inside the php.ini file as under:
filter.default = full_special_chars
filter.default_flags = 0

Whereas in the php.ini file the above values are, by default, set as under:
;filter.default = unsafe_raw
;filter.default_flags =

The semicolons above mark commented-out lines, so surely one needs to remove those semicolons to apply the changes made. If we do not do the above, then what will happen? In that case PHP will use the default filter, which would surely be FILTER_UNSAFE_RAW, and one can see that unsafe raw data can then be passed on to the server, which can make the life of a hacker easier.