Archive for April, 2013

Filtering content from PHP variables

April 28th, 2013

The PHP function filter_var() first appeared in PHP 5.2.0 and is used for content filtering. For more information, see here. It checks whether a value has the expected form and takes the appropriate action depending on the filter and options you have defined.

mixed filter_var(mixed $variable [, int $filter = FILTER_DEFAULT [, mixed $options]])

The function accepts three parameters. The first is the content that you want to check, the second is the filter, and the third is the options that further describe the filter.

There are 4 types of filters:

  • Validate filters
  • Sanitize filters
  • Other filters
  • Filter flags

Validate filters

These filters check whether the entered text really is what you expect it to be. They are:

  • FILTER_VALIDATE_BOOLEAN – Returns TRUE for “1”, “true”, “on” and “yes”. Returns FALSE otherwise. (This is convenient for checking the value passed by a checkbox within the ExtJS framework)
  • FILTER_VALIDATE_FLOAT – Validates value as float
  • FILTER_VALIDATE_INT – Validates value as integer, optionally from the specified range
  • FILTER_VALIDATE_IP – Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges
  • FILTER_VALIDATE_URL – Validates value as URL (according to http://www.faqs.org/rfcs/rfc2396), optionally with required components. Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, e.g. ssh:// or mailto:. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail
  • FILTER_VALIDATE_EMAIL – Validates value as e-mail
  • FILTER_VALIDATE_REGEXP – Validates value against regexp, a Perl-compatible regular expression.

Some of these filters will be implemented in the new version of the CodeIgniter framework (v3), which will further affect its speed.

Sanitize filters

These filters, in addition to checking correctness, modify the value so that it becomes correct. They are:

  • FILTER_SANITIZE_EMAIL – Remove all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[]
  • FILTER_SANITIZE_ENCODED – URL-encode string, optionally strip or encode special characters
  • FILTER_SANITIZE_MAGIC_QUOTES – Apply addslashes()
  • FILTER_SANITIZE_NUMBER_FLOAT – Remove all characters except digits, +- and optionally .,eE
  • FILTER_SANITIZE_NUMBER_INT – Remove all characters except digits, plus and minus sign
  • FILTER_SANITIZE_SPECIAL_CHARS – HTML-escape '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters
  • FILTER_SANITIZE_FULL_SPECIAL_CHARS – Equivalent to calling htmlspecialchars() with ENT_QUOTES set. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars(), this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0
  • FILTER_SANITIZE_STRING – Strip tags, optionally strip or encode special characters
  • FILTER_SANITIZE_STRIPPED – Alias of “string” filter
  • FILTER_SANITIZE_URL – Remove all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=
  • FILTER_UNSAFE_RAW – Do nothing, optionally strip or encode special characters. This filter is also aliased to FILTER_DEFAULT

Other filters

If you want to create your own filtering function, this is the section for you. Pass FILTER_CALLBACK as the filter and, as an extra option, specify the function that will perform the filtering/validation.

Filter flags

These are flags that can be used as an optional third parameter. A detailed list can be viewed here.

This is only an introduction to the possibilities that this function provides. For more information, see the description of the functions in the official documentation.
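
An added example (not code from the original post) that combines validate filters with options and flags, the separate scheme check that the FILTER_VALIDATE_URL note calls for, and FILTER_CALLBACK. The $input array, the allowed ranges and the helper functions validate_http_url() and validate_username() are assumptions made for illustration.

```php
<?php
// Constructed sample input standing in for $_POST (an assumption, not from the post).
$input = array(
    'age'      => '42',
    'client'   => '192.168.1.10',           // address in a private range
    'homepage' => 'ssh://example.com/repo', // well-formed URL, unexpected scheme
    'remember' => 'maybe',
    'username' => '  Alice_01 ',
);

// Validate an integer and enforce a range in the same call.
$age = filter_var($input['age'], FILTER_VALIDATE_INT,
    array('options' => array('min_range' => 18, 'max_range' => 120)));

// Accept only public IPv4 addresses: private and reserved ranges fail.
$client = filter_var($input['client'], FILTER_VALIDATE_IP,
    FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);

// FILTER_VALIDATE_URL accepts any scheme, so the scheme is checked separately.
function validate_http_url($value) {
    $url = filter_var($value, FILTER_VALIDATE_URL);
    if ($url === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, array('http', 'https'), true) ? $url : false;
}
$homepage = validate_http_url($input['homepage']);

// FILTER_NULL_ON_FAILURE separates "not a boolean" (NULL) from a real FALSE.
$remember = filter_var($input['remember'], FILTER_VALIDATE_BOOLEAN,
    FILTER_NULL_ON_FAILURE);

// FILTER_CALLBACK: a custom rule that returns false to reject the value.
function validate_username($value) {
    $value = trim($value);
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $value) ? $value : false;
}
$username = filter_var($input['username'], FILTER_CALLBACK,
    array('options' => 'validate_username'));

// Validators signal failure with false (or NULL), so compare results with ===.
var_dump($age, $client, $homepage, $remember, $username);
```

Because a valid value such as 0 or an empty string is falsy in PHP, test the results with === false rather than a loose if ($value) check.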

Optimize HTML code

April 28th, 2013

Here’s a simple way to remove all redundant spaces, line breaks, tabs and other characters that are not visible when viewing the HTML page but are very much visible in its source code. The result is the HTML code on a single line, which can reduce its size by a few KB:

// preg_replace() returns the new string, so assign the result back
$string = preg_replace("/\s+/", " ", $string);

$string is a variable in which you store the HTML code.
