PHP Tutorial #24 Filters Part 2 "FILTER_SANITIZE"

in #utopian-io, 6 years ago (edited)


Repository

https://github.com/php/php-src 

What Will I Learn?

  • You will learn FILTER_SANITIZE_EMAIL and FILTER_SANITIZE_ENCODED.
  • You will learn FILTER_SANITIZE_MAGIC_QUOTES and FILTER_SANITIZE_NUMBER_FLOAT.
  • You will learn FILTER_SANITIZE_NUMBER_INT and FILTER_SANITIZE_SPECIAL_CHARS.
  • You will learn FILTER_SANITIZE_STRING and FILTER_SANITIZE_URL.

Requirements

System Requirements: any operating system supported by PHP
  • Windows
  • macOS
  • Linux

Required Knowledge

  • HTML language
  • CSS language

Difficulty

  • Intermediate

Description

In this tutorial we cover the second part of filters. In the previous tutorial we learned the FILTER_VALIDATE filters; today we take up FILTER_SANITIZE.

The idea is that a FILTER_VALIDATE filter tests whether the value entered by the user is well formed and matches the expected type (for example the type of a column in the database) and reports whether it is correct or not.

A FILTER_SANITIZE filter, on the other hand, cleans the value: it removes every character that does not belong to that type and returns only the characters the type allows.

Before validating we want to reduce the user's mistakes as far as possible, so we apply the sanitize filter before any validate filter.

PHP offers 11 sanitize filters; we will look at 8 important ones with their flags and usage.

FILTER_SANITIZE_EMAIL, MAGIC_QUOTES and URL

As already said, before using the validation filters we reduce the rate of mistakes with the cleaning filters. FILTER_SANITIZE_EMAIL removes all characters except letters, digits and these characters: ! # $ % & ' * + - = ? ^ _ ` { | } ~ @ . [ ] , so that a cleaned email address remains.

We also have FILTER_SANITIZE_URL, which removes all characters except letters, digits and these special characters: $ - _ . + ! * ' ( ) , { } | \\ ^ ~ [ ] ` < > # % " ; / ? : @ & = , to clean the URL.

Finally we have FILTER_SANITIZE_MAGIC_QUOTES, which applies the rules of the addslashes() function and adds a backslash before these characters:

  • Single quotation marks (')
  • Double quotation marks (")
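The sanitize-then-validate pattern described above, as an added example that is not part of the original post or of the linked repository. It assumes PHP 7.3 or newer: FILTER_SANITIZE_MAGIC_QUOTES was removed in PHP 8.0, so the quote helper falls back to FILTER_SANITIZE_ADD_SLASHES, which applies the same addslashes() rules.

```php
<?php
// Added example, not from the original post: sanitize first, then validate.
// FILTER_SANITIZE_EMAIL / FILTER_SANITIZE_URL only drop characters outside the
// allowed set; the matching FILTER_VALIDATE_* call is what decides correctness.
declare(strict_types=1);

function cleanEmail(string $raw): ?string
{
    $clean = filter_var($raw, FILTER_SANITIZE_EMAIL);
    $valid = filter_var($clean, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;   // null = reject the input
}

function cleanUrl(string $raw): ?string
{
    $clean = filter_var($raw, FILTER_SANITIZE_URL);
    $valid = filter_var($clean, FILTER_VALIDATE_URL);
    return $valid === false ? null : $valid;
}

function escapeQuotes(string $raw): string
{
    // FILTER_SANITIZE_MAGIC_QUOTES was removed in PHP 8.0; FILTER_SANITIZE_ADD_SLASHES
    // (PHP 7.3+) applies the same addslashes() rules, which also escape '\' and NUL.
    $filter = defined('FILTER_SANITIZE_ADD_SLASHES')
        ? FILTER_SANITIZE_ADD_SLASHES
        : FILTER_SANITIZE_MAGIC_QUOTES;
    return filter_var($raw, $filter);
}

// Constructed sample inputs: the kind of thing users paste into a form.
$emails = ['  alex@example.com ', 'a lex@exam ple.com', 'alex (at) example.com'];
foreach ($emails as $e) {
    // Note the second case: removing the spaces silently joins fragments into a
    // valid address the user never typed, so record when the value was changed.
    printf("%-26s -> %s\n", var_export($e, true), cleanEmail($e) ?? 'REJECTED');
}

$urls = ['https://example.com/a b?q=1', 'example.com/no-scheme'];
foreach ($urls as $u) {
    printf("%-34s -> %s\n", $u, cleanUrl($u) ?? 'REJECTED');
}

echo escapeQuotes("O'Reilly said \"hi\""), "\n";
```

Compare the cleaned value with the raw input before accepting it: a sanitize filter never reports that it removed something, so a changed value is only visible if you check for it.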

FILTER_SANITIZE_NUMBER_FLOAT and NUMBER_INT

In the previous tutorial we learned that we can easily validate whether the value entered by the user is a correct number or not, as either a float or an int. In this tutorial we learn how to sanitize the value entered by the user so that it becomes a correct number, using FILTER_SANITIZE_NUMBER_FLOAT with these flags:

  • FILTER_FLAG_ALLOW_FRACTION
  • FILTER_FLAG_ALLOW_THOUSAND
  • FILTER_FLAG_ALLOW_SCIENTIFIC

and also FILTER_SANITIZE_NUMBER_INT.
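The number filters and their flags in action, as an added example that is not from the original post or the linked repository. The important caveat it shows: without the right flag the filter removes the '.', ',' or 'e' and the surviving digits form a different number, so the flags are passed to both the sanitize and the validate step.

```php
<?php
// Added example, not from the original post: number sanitizing with flags.
// FILTER_SANITIZE_NUMBER_FLOAT keeps digits, '+' and '-' and, per flag, '.', ','
// and 'e'/'E'; FILTER_SANITIZE_NUMBER_INT keeps only digits, '+' and '-'.
declare(strict_types=1);

function sanitizeFloat(string $raw, int $flags = 0): string
{
    return filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT, $flags);
}

function sanitizeInt(string $raw): string
{
    return filter_var($raw, FILTER_SANITIZE_NUMBER_INT);
}

// Sanitize, then validate with matching flags: FILTER_VALIDATE_FLOAT accepts a
// thousand separator only when FILTER_FLAG_ALLOW_THOUSAND is given to it as well.
function toPrice(string $raw): ?float
{
    $flags = FILTER_FLAG_ALLOW_FRACTION | FILTER_FLAG_ALLOW_THOUSAND;
    $clean = sanitizeFloat($raw, $flags);
    $value = filter_var($clean, FILTER_VALIDATE_FLOAT, FILTER_FLAG_ALLOW_THOUSAND);
    return $value === false ? null : $value;
}

function toQuantity(string $raw): ?int
{
    // Sanitizing keeps a stray '-' in the middle; validation then rejects it.
    $value = filter_var(sanitizeInt($raw), FILTER_VALIDATE_INT);
    return $value === false ? null : $value;
}

// Constructed inputs showing what each flag keeps or drops.
$cases = [
    ['3.14',    0,                            'no flag: the decimal point is dropped'],
    ['3.14',    FILTER_FLAG_ALLOW_FRACTION,   'fraction allowed'],
    ['1,234.5', FILTER_FLAG_ALLOW_FRACTION | FILTER_FLAG_ALLOW_THOUSAND, 'thousand separator kept'],
    ['1e3',     FILTER_FLAG_ALLOW_SCIENTIFIC, 'exponent kept'],
    ['1e3',     0,                            'no flag: the exponent marker is dropped'],
];
foreach ($cases as [$in, $flags, $why]) {
    printf("%-8s -> %-8s (%s)\n", $in, sanitizeFloat($in, $flags), $why);
}

var_dump(toPrice('$1,234.56'));  // currency sign removed, grouping accepted
var_dump(toQuantity(' 42 pcs '));
var_dump(toQuantity('4-2'));
```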

FILTER_SANITIZE_ENCODED, STRING and SPECIAL_CHARS

For the security of your site or database, use FILTER_SANITIZE_ENCODED or FILTER_SANITIZE_SPECIAL_CHARS: FILTER_SANITIZE_ENCODED URL-encodes the string (spaces and other special characters become %XX sequences), and FILTER_SANITIZE_SPECIAL_CHARS converts the characters that make up HTML tags and code into HTML entities, so the text is no longer interpreted as markup.

For additional protection you can use FILTER_SANITIZE_STRING, which returns only the text: if you pass JavaScript or HTML code, it strips the tags and returns just the text.

These filters share several flags:

  • FILTER_FLAG_NO_ENCODE_QUOTES
  • FILTER_FLAG_STRIP_LOW
  • FILTER_FLAG_STRIP_HIGH
  • FILTER_FLAG_STRIP_BACKTICK
  • FILTER_FLAG_ENCODE_LOW
  • FILTER_FLAG_ENCODE_HIGH
  • FILTER_FLAG_ENCODE_AMP

The effect of the special-character filters is visible in the page's HTML source, where the entities appear in place of the original characters.
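How the encoding filters and their flags change one string, as an added example that is not from the original post or the linked repository. It uses FILTER_SANITIZE_FULL_SPECIAL_CHARS in place of FILTER_SANITIZE_STRING, which is deprecated since PHP 8.1; the input string is constructed.

```php
<?php
// Added example, not from the original post: the three "encoding" filters and
// their flags applied to a string containing a tag, quotes, '&', a tab and a backtick.
declare(strict_types=1);

// Constructed input, e.g. a comment submitted through a form.
$input = "<b>Tom & \"Jerry\"</b>\tsaid 'hi' `ls`";

function show(string $label, string $value): void
{
    printf("%-34s %s\n", $label, $value);
}

show('SPECIAL_CHARS',
    filter_var($input, FILTER_SANITIZE_SPECIAL_CHARS));
show('SPECIAL_CHARS + NO_ENCODE_QUOTES',     // quotes pass through unchanged
    filter_var($input, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES));
show('SPECIAL_CHARS + STRIP_LOW',            // the tab (ASCII < 32) is dropped, not encoded
    filter_var($input, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_LOW));
show('ENCODED (URL encoding)',
    filter_var($input, FILTER_SANITIZE_ENCODED));
show('ENCODED + STRIP_BACKTICK',             // the backtick is removed before encoding
    filter_var($input, FILTER_SANITIZE_ENCODED, FILTER_FLAG_STRIP_BACKTICK));

// FILTER_SANITIZE_STRING (strip tags, encode quotes) is deprecated since PHP 8.1.
// FILTER_SANITIZE_FULL_SPECIAL_CHARS is the documented alternative for output
// escaping: it behaves like htmlspecialchars() with ENT_QUOTES.
function escapeForHtml(string $untrusted): string
{
    return filter_var($untrusted, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
show('FULL_SPECIAL_CHARS', escapeForHtml($input));

// Escape at the point of output, for the context the text is inserted into;
// storing an input-sanitized value ties the data to one output context.
echo '<p class="comment">', escapeForHtml($input), "</p>\n";
```

Viewing the page source, as the tutorial suggests, shows the entities (for example &#60; for <) in place of the original characters, which is why the browser renders them as text instead of markup.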

Video Tutorial

Curriculum

Proof of Work Done

https://github.com/alexendre-maxim/PHP-Tutorial/blob/master/sanitize.html

https://github.com/alexendre-maxim/PHP-Tutorial/blob/master/sanitize.php


Hi @alexendre-maxim

Thank you for your contribution to the video category.

I see that you try to write better posts. Sometimes it is difficult for people whose English is their second language.

Try to write simple sentences. This will help to make your text flow in the tutorial.

Again, your delivery in the video tutorial is improving.

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Chat with us on Discord.

[utopian-moderator]

Thank you for your review, @rosatravels! Keep up the good work!

Thank you @rosatravels, I will try to put more detailed and precise sentences.

Great post! I invite you to watch the last video on channel54

Thank you for your invitation @channel64

Hi @alexendre-maxim!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server

Hey, @alexendre-maxim!

Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!

Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!