I understand that using a whitelist it only uses everything within that list and with a blacklist it uses everything but what is in the list.
But what happens after that? Say you're using a whitelist - can you prevent a submission of an input if the value of the input contains something that wasn't in the whitelist?
I know that something like this would reduce everything that is not a char or digit with whitespace:
preg_replace( "/[^a-zA-Z0-9_]/", "", $stringToFilter );
But what if I didn't want the value stored in the database with whitespace? Is there a way to do this so that an error message occurs instead? Using if statements, for example...
You should be using preg_match or filter_var with the flag FILTER_VALIDATE_REGEXP instead... more on this below.
You are talking about validation, so you'd be looking at: php.net/filter.filters.validate:
Wrap the above in an if statement, and you are done.
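An added example, not part of the original answer, showing the reject-instead-of-strip approach with both preg_match and filter_var. The function names, the 32-character limit, the error messages and the sample inputs are assumptions made for illustration; PHP 8.0 or later is assumed for the mixed type.

```php
<?php
declare(strict_types=1);

// Whitelist: letters, digits and underscore only, 1 to 32 characters (limit is an assumption).
// \A and \z anchor the whole string; "$" alone would also accept a trailing newline.
const USERNAME_PATTERN = '/\A[a-zA-Z0-9_]{1,32}\z/';

// Hypothetical helper: returns null when the value is acceptable, or an error message.
function validateUsername(mixed $value): ?string
{
    // Form fields can arrive as arrays (name="user[]"); reject anything that is not a string.
    if (!is_string($value)) {
        return 'Username must be a single text value.';
    }
    // preg_match returns 1 on match, 0 on no match, false on error; accept only 1.
    if (preg_match(USERNAME_PATTERN, $value) !== 1) {
        return 'Only letters, digits and underscores are allowed (1-32 characters).';
    }
    return null;
}

// Same check through filter_var: it returns the string on success, false on failure.
function validateUsernameWithFilter(mixed $value): ?string
{
    if (!is_string($value)) {
        return 'Username must be a single text value.';
    }
    $options = ['options' => ['regexp' => USERNAME_PATTERN]];
    $result = filter_var($value, FILTER_VALIDATE_REGEXP, $options);
    return $result === false ? 'Username contains characters that are not allowed.' : null;
}

// Constructed sample inputs standing in for $_POST['username'].
$samples = ['alice_01', 'bob smith', "carol\n", '', ['x'], "dave'; --"];
foreach ($samples as $input) {
    $error = validateUsername($input);
    $label = is_string($input) ? json_encode($input) : gettype($input);
    if ($error !== null) {
        // Reject: report the problem and store nothing.
        echo "REJECT {$label}: {$error}\n";
        continue;
    }
    // Accept: the unmodified value can now be passed to a parameterised INSERT.
    echo "ACCEPT {$label}\n";
}
```

Only alice_01 is accepted; the other five inputs are rejected with a message and nothing is silently rewritten before storage.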