Are you using Filter extension?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Are you using Filter extension?

Post by matthijs »

Probably most of you are aware of PHP's Filter extension
http://nl.php.net/manual/en/book.filter.php
which can be used to validate and filter data.

In the past I've heard mixed reactions about its functionality and usefulness. People might not want to use or rely on it because it's an extension and might not be installed on every server (it's also a php5 only extension if I remember correctly). Secondly, as can be seen from the manual, the documentation is still quite sparse. That's a drawback as you need detailed information about each filter function, if you want to know what your code is doing.

Time has past, and now that PHP4 is ending its life, have people changed their minds about the Filter extension, are people using it more often?

To me, the extension seems useful. If it's possible to use a native PHP function instead of reinventing the wheel with my own regexp experiment, I will go for the native function. However, the Filters sparse documentation and sometimes complicated syntax make me have some doubts.
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Are you using Filter extension?

Post by Eran »

Actually it's not just PHP5 its PHP >=5.2 which might be a problem for some people.

I have to admit I've never heard about this extension. The method of operation looks similar to Zend_Filter_Input which I use often, only this is a C extension and therefor potentially much more performant. I'll definitely experiment with this a little, thanks for sharing :)
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Are you using Filter extension?

Post by matthijs »

If even you had not heard of it yet, that shows how little information there is about it or how little exposure it gets.
Here's a nice list of examples of it's usage:
http://phpro.org/tutorials/Filtering-Data-with-PHP.html
and in the presentations of Ilia Alshanetsky you can find some examples of its recommended usage
http://ilia.ws/talks.php
User avatar
pcoder
Forum Contributor
Posts: 230
Joined: Fri Nov 03, 2006 5:19 am

Re: Are you using Filter extension?

Post by pcoder »

Thanks matthijs, this is really a very nice article to go through the Data filtering with PHP.
User avatar
papa
Forum Regular
Posts: 958
Joined: Wed Aug 27, 2008 3:36 am
Location: Sweden/Sthlm

Re: Are you using Filter extension?

Post by papa »

Very nice article indeed. Seems pretty useful!
Post Reply