3分钟轻松解锁网易云音乐:ncmdump高效转换工具完整指南
2026/6/7 10:33:11
PHP数据校验与过滤全攻略
数据校验是应用安全的第一道防线。PHP提供了丰富的校验工具。今天说说数据校验和过滤的各种方法。
filter_var验证常见数据格式。
```php
$values = [
'email' => 'test@example.com',
'url' => 'https://www.example.com',
'ip' => '192.168.1.1',
];
echo filter_var($values['email'], FILTER_VALIDATE_EMAIL) ?: '无效' . "\n";
echo filter_var($values['url'], FILTER_VALIDATE_URL) ?: '无效' . "\n";
$intVal = filter_var('42', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 100]]);
echo $intVal !== false ? $intVal : '无效' . "\n";
?>
filter_var净化数据。
```php
$dirty = [
'email' => "test@exa\tmple.com\n",
'string' => "",
'int' => "abc123def456",
];
echo "净化邮箱: " . filter_var($dirty['email'], FILTER_SANITIZE_EMAIL) . "\n";
echo "净化整数: " . filter_var($dirty['int'], FILTER_SANITIZE_NUMBER_INT) . "\n";
echo "转义HTML: " . htmlspecialchars($dirty['string'], ENT_QUOTES, 'UTF-8') . "\n";
?>
一个完整的验证器。
```php
class Validator
{
private array $data;
private array $rules;
private array $errors = [];
public function __construct(array $data, array $rules)
{
$this->data = $data;
$this->rules = $rules;
$this->validate();
}
public function fails(): bool { return !empty($this->errors); }
public function errors(): array { return $this->errors; }
private function validate(): void
{
foreach ($this->rules as $field => $ruleSet) {
$value = $this->data[$field] ?? null;
$rules = is_string($ruleSet) ? explode('|', $ruleSet) : $ruleSet;
foreach ($rules as $rule) {
$error = $this->applyRule($field, $value, $rule);
if ($error !== null) {
$this->errors[$field] = $error;
break;
}
}
}
}
private function applyRule(string $field, mixed $value, string $rule): ?string
{
$params = [];
if (str_contains($rule, ':')) {
[$rule, $paramStr] = explode(':', $rule, 2);
$params = explode(',', $paramStr);
}
if ($value === null || $value === '') {
if ($rule === 'required') return "{$field}不能为空";
return null;
}
return match ($rule) {
'email' => !filter_var($value, FILTER_VALIDATE_EMAIL) ? "{$field}不是有效邮箱" : null,
'url' => !filter_var($value, FILTER_VALIDATE_URL) ? "{$field}不是有效URL" : null,
'numeric' => !is_numeric($value) ? "{$field}必须是数字" : null,
'min' => (float)$value < (float)($params[0] ?? 0) ? "{$field}不能小于{$params[0]}" : null,
'max' => (float)$value > (float)($params[0] ?? 0) ? "{$field}不能大于{$params[0]}" : null,
'min_length' => mb_strlen((string)$value) < (int)($params[0] ?? 0) ? "{$field}长度不能小于{$params[0]}" : null,
'in' => !in_array((string)$value, $params) ? "{$field}不在允许范围" : null,
default => null,
};
}
}
$data = ['name' => '张', 'email' => 'invalid', 'age' => 200];
$rules = ['name' => 'required|min_length:2|max_length:50', 'email' => 'required|email', 'age' => 'required|numeric|min:1|max:150'];
$validator = new Validator($data, $rules);
if ($validator->fails()) {
foreach ($validator->errors() as $field => $error) {
echo "{$field}: {$error}\n";
}
}
?>
数据验证和净化是Web应用安全的基石。验证确保数据格式正确,净化去除不安全的内容。两者结合使用,在接收用户输入时验证,在输出时转义,可以防止大多数安全漏洞。