Tag Archives: filter

FILTER_SANITIZE vs FILTER_VALIDATE, what's the difference – and which to use?

Questions: Currently I’m making a sort of calculator-like app in PHP with a form as the method of input. To secure input I’m using the filter_input() function. As a filter this function takes one of the elements from two groups: FILTER_SANITIZE and FILTER_VALIDATE. Which one should I use to filter input from the form? $number1 = trim(filter_input(INPUT_GET, 'number1', FILTER_VALIDATE_FLOAT)); or $number1 =…

PHP regex for URL validation, filter_var is too permissive

Questions: First let’s define a “URL” according to my requirements. The only protocols optionally allowed are http:// and https://, then a mandatory domain name like stackoverflow.com, then optionally the rest of the URL components (path, query, hash, …). For reference, a list of valid and invalid URLs according to my requirements: VALID stackoverflow.com stackoverflow.com/questions/ask https://stackoverflow.com/questions/ask http://www.amazon.com/Computers-Internet-Books/b/ref=bhp_bb0309A_comint2?ie=UTF8&node=5&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=browse&pf_rd_r=0AH7GM29WF81Q72VPFDH&pf_rd_t=101&pf_rd_p=1273387142&pf_rd_i=283155…

Does FILTER_VALIDATE_EMAIL make a string safe for insertion in database?

Questions: $str = '"mynam@blabl"@domanin.com'; filter_var($str, FILTER_VALIDATE_EMAIL);//return valid email. The above email returns true… Fair enough that RFC 2822 says it’s a legal email address. My question is: if you validate an email using the above, could an email carry SQL injections that can harm the db even though you have filtered it with filter_var? Answers:

PHP: Filter array

Questions: I would like to delete all elements from an array that don’t meet some condition. For example, I have this 2D array: [ ['UK', '12', 'Sus', 'N'], ['UK', '12', 'Act', 'Y'], ['SQ', '14', 'Act', 'Y'], ['CD', '12', 'Act', 'Y'] ] and I would like to delete all rows that don’t match this format: ['UK'…

PHP swear word filter

Questions: I’m working on a WordPress plugin that replaces the bad words from the comments with random new ones from a list. I now have 2 arrays: one containing the bad words and another containing the good words. $bad = array("bad", "words", "here"); $good = array("good", "words", "here"); Since I’m a beginner, I got stuck…

What does FILTER_SANITIZE_STRING do?

Questions: There’s like a million Q&A that explain the options like FILTER_FLAG_STRIP_LOW, but what does FILTER_SANITIZE_STRING do on its own, without any options? Does it just filter tags? Answers:

Strict HTML Validation and Filtering in PHP

Questions: I’m looking for best practices for performing strict (whitelist) validation/filtering of user-submitted HTML. Main purpose is to filter out XSS and similar nasties that may be entered via web forms. Secondary purpose is to limit breakage of HTML content entered by non-technical users e.g. via WYSIWYG editor that has an HTML view. I’m considering…

VBA for filtering columns

Questions: I have a big database-like sheet, first row contains headers. I would like a subset of rows of this table based on column values. Two issues: 1) VBA-wise I would like to loop through the columns, when the values for all necessary columns all match, copy the entire row into a new sheet. 2)…