stackoom
  简体   繁体   中英

PHP - Filter_var alternative?

 原文  2012-02-03 09:16:35       php/ sanitize/ filter-var

Question

I built a php script to output data posted in a form, but I ran into a problem. The server the website is going to run on, runs PHP 5.1.6. This version of PHP does not support filter_var.

I need to know an alternative on short term (preferably yesterday), and can't find something straight forward on Google or Stack Overflow.

Mayhap someone here ran into the same issue in the past and has a quick fix for me?

This code: 

$email= filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
$answer= filter_var($_POST['answer'], FILTER_SANITIZE_STRING);

needs to be compatible with PHP 5.1.6, so the email address is checked on genuinity, and that no malicious code is used in either fields. Any tips?

Thanks so much!

4 answers

solution1
 4 ACCPTED  2012-02-03 09:35:30

for Emails you can use a Regex: (for example: http://www.totallyphp.co.uk/validate-an-email-address-using-regular-expressions )

for strings you could also do regex, but that is a little bit too heavy, so maybe a combination of mysql_real_escape_string() if you send it to a DB, and for html you should use htmlentities() :

http://de.php.net/manual/en/function.mysql-real-escape-string.php

http://www.php.net/manual/en/function.htmlentities.php

I don't think that the filter_var-function does far different than just using these methods

solution2
 2  2012-02-03 09:31:44

您可以通过PECL将扩展安装到PHP 5.1: http//pecl.php.net/package/filter

solution3
 2  2012-02-03 09:44:29

i would use a regular expression generally. it provides you the most flexibility. on the internet are many useful resources about it. take a look here or here

solution4
 -1  2012-02-06 09:57:45

Using the information I was given in the previous answers, here's how I fixed my problem: 

<?PHP // Retreive POST data and sanitize it: trim string, no HTML, plain text
$variable1=htmlentities(trim($_POST['input1']), ENT_NOQUOTES);
$variable2=htmlentities(trim($_POST['input2']), ENT_NOQUOTES);
$emailaddress=$_POST['email']; // sanitizing email address happens below

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $emailadres)){    // check email address and if legit, do this:
        echo '<p>The e-mail address given is valid.</p>'

} else{ // if email is not legit, do this:
        echo '<p>The e-mail address given is not valid.</p>';
}
?>

I hope this helps someone :)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is there an alternative to the “filter_var” function in php when using HHVM? filter_var in php 5.3.8 Php filter_var function filter_var php question PHP filter_var URL PHP filter_var bug? Is it good to use filter_var with htmlentities in PHP? PHP if statement not working as expected with filter_var php - filter_var() expects 3 arguments max PHP validation booleans using filter_var
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM