PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PECL Releases (09.10.2024)

Community News: Latest PECL Releases (09.03.2024)

Community News: Latest PECL Releases (08.27.2024)

Community News: Latest PECL Releases (08.20.2024)

Community News: Latest PECL Releases (08.13.2024)

Community News: Latest PECL Releases (08.06.2024)

Community News: Latest PECL Releases (07.30.2024)

Community News: Latest PECL Releases (07.23.2024)

Community News: Latest PECL Releases (07.16.2024)

Community News: Latest PECL Releases (07.09.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Insane Security Blog:
PHP 5.2+ Data Filtering Extension = BAD?

byChris Cornutt Apr 06, 2009 @ 15:28:41

On the Insane Security blog there's a new post recommending (despite the title of the post) the use of something that comes standard to every PHP5 release - the filter extension - and how it can help you protect your application and its data.

Yesterday while browsing some security tagged discussions on stackoverflow.com I've noticed someone mentioned some filter_ prefixed PHP functions. At first I thought they were some custom written ones, but on a quick check it turned out that there really where this functions. I was shocked. Anyway, let's digg into it...

The post covers all of the filters (validate, sanitize and "other") as well as the functions the extension includes like filter_has_var, filter_input and filter_var.