Filtered Variable: 1234\';delete from accounts;--
Unfiltered Variable: 1234';delete from accounts;--
You can see that the default behaviour is to protect the input, but even with a destructive filtering method the raw, unfiltered data is still available if the programmer needs it. You can add all sorts of extra methods to validate emails, post codes and so on.
A quick and dirty example of a class that provides this kind of filtering can be seen below:
```php
<?php
// ArrayArmor wraps an input array (e.g. $_POST) and implements ArrayAccess, so
// reads through [] return an escaped copy while getRaw() exposes the original.
class ArrayArmor implements ArrayAccess {
    private $original;

    function __construct(&$variable) {
        $this->original = $variable;
    }

    function offsetExists($offset) {
        return isset($this->original[$offset]);
    }

    // Default read path: escape with addslashes() before handing the value out.
    function offsetGet($offset) {
        return addslashes($this->original[$offset]);
    }

    // Writes and unsets are deliberately no-ops: the wrapper is read-only.
    function offsetSet($offset, $value) {
    }

    function offsetUnset($offset) {
    }

    // Unfiltered value, for code that does its own validation.
    function getRaw($offset) {
        return $this->original[$offset];
    }
}
?>
```
So that's it: a simple method that is very easy to drop into existing code. This is clearly not a full example, as addslashes() is hardly the be-all and end-all of input protection, but if you build on this you can get a very easy to use and flexible input filter that is safe by default.
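One way to build on the pattern, as an added example that is not the post's own class: the same ArrayAccess wrapper, but the default read escapes for HTML output (the XSS case) and SQL never receives escaped strings at all, since the raw value is bound through a prepared statement. The class name ContextArmor, the sample input and the in-memory database are assumptions for this demo; it needs PHP 8 and the pdo_sqlite extension.

```php
<?php
// Added example, not the post's class: same ArrayAccess wrapper idea, but
// the default read escapes for HTML output (the XSS case) and SQL never sees
// escaped strings at all; the raw value is bound via a prepared statement.
// Assumes PHP 8 and the pdo_sqlite extension for the offline demo below.
class ContextArmor implements ArrayAccess
{
    public function __construct(private array $original) {}

    public function offsetExists(mixed $offset): bool
    {
        return isset($this->original[$offset]);
    }

    // Default read: safe to echo inside an HTML element or quoted attribute.
    public function offsetGet(mixed $offset): mixed
    {
        return htmlspecialchars((string) ($this->original[$offset] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    // Read-only view: refuse writes loudly rather than silently dropping them.
    public function offsetSet(mixed $offset, mixed $value): void
    {
        throw new LogicException('ContextArmor is read-only');
    }

    public function offsetUnset(mixed $offset): void
    {
        throw new LogicException('ContextArmor is read-only');
    }

    // Raw value, for parameter binding or explicit validation only.
    public function getRaw(string $offset): mixed
    {
        return $this->original[$offset] ?? null;
    }
}

// Constructed sample input using the post's own hostile test string.
$input = new ContextArmor(['id' => "1234';delete from accounts;--"]);
echo '<td>' . $input['id'] . "</td>\n";   // the quote is entity-encoded, markup stays intact

// Store it: the placeholder keeps the string as data, so no injected statement runs.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE accounts (id TEXT)');
$stmt = $db->prepare('INSERT INTO accounts (id) VALUES (:id)');
$stmt->execute([':id' => $input->getRaw('id')]);
echo $db->query('SELECT COUNT(*) FROM accounts')->fetchColumn(), " row(s) in accounts\n";
```

The accounts table survives the insert because the driver sends the query text and the bound value separately, which is the property addslashes() alone cannot guarantee.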