You know that I am talking about filter_var function in PHP 5.
你知道我在讨论PHP 5中的filter_var函数。
I have visited http://php.net/manual/en/filter.filters.sanitize.php but I still have the question:
我访问过http://php.net/manual/en/filter.filters.sanitize.php,但我仍有疑问:
What are the exact differences?
有什么确切的区别?
Please provide an example, so that it can be more easily clarified.
请提供一个示例,以便更容易澄清。
2 个解决方案
#1
33
The flags are explained in a different page of the documentation.
标志在文档的不同页面中解释。
FILTER_FLAG_STRIP_LOW strips bytes in the input that have a numerical value <32, most notably null bytes and other control characters such as the ASCII bell. This is a good idea if you intend to pass an input to another application which uses null-terminated strings. In general, characters with a Unicode codepoint lower than 32 should not occur in user input, except for the newline characters 10 and 13.
FILTER_FLAG_STRIP_LOW剥离输入中具有数值<32的字节,最明显的是空字节和其他控制字符,例如ASCII铃声。如果您打算将输入传递给另一个使用以null结尾的字符串的应用程序,这是一个好主意。通常,Unicode代码点低于32的字符不应出现在用户输入中,换行符10和13除外。
FILTER_FLAG_STRIP_HIGH strips bytes in the input that have a numerical value >127. In almost every encoding, those bytes represent non-ASCII characters such as ä, ¿, 堆 etc. Passing this flag can be a band-aid for broken string encoding, which can become a security vulnerability. However, non-ASCII characters are to be expected in virtually all user input.
FILTER_FLAG_STRIP_HIGH剥离输入中具有数值> 127的字节。在几乎每个编码中,这些字节代表非ASCII字符,例如ä,¿,堆等。传递此标志可以成为破坏字符串编码的创可贴,这可能成为安全漏洞。但是,几乎所有用户输入都需要非ASCII字符。
To summarize:
总结一下:
filter_var("\0aä\x80", FILTER_SANITIZE_STRING) == "\0aä\x80"
filter_var("\0aä\x80", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW) == "aä\x80"
filter_var("\0aä\x80", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH) == "\0a"
filter_var("\0aä\x80", FILTER_SANITIZE_STRING,
FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH) == "a"
#2
1
FILTER_FLAG_STRIP_LOW
Remove characters with ASCII value < 32
删除ASCII值<32的字符
FILTER_FLAG_STRIP_HIGH
Remove characters with ASCII value > 127
删除ASCII值> 127的字符
#1
33
The flags are explained in a different page of the documentation.
标志在文档的不同页面中解释。
FILTER_FLAG_STRIP_LOW strips bytes in the input that have a numerical value <32, most notably null bytes and other control characters such as the ASCII bell. This is a good idea if you intend to pass an input to another application which uses null-terminated strings. In general, characters with a Unicode codepoint lower than 32 should not occur in user input, except for the newline characters 10 and 13.
FILTER_FLAG_STRIP_LOW剥离输入中具有数值<32的字节,最明显的是空字节和其他控制字符,例如ASCII铃声。如果您打算将输入传递给另一个使用以null结尾的字符串的应用程序,这是一个好主意。通常,Unicode代码点低于32的字符不应出现在用户输入中,换行符10和13除外。
FILTER_FLAG_STRIP_HIGH strips bytes in the input that have a numerical value >127. In almost every encoding, those bytes represent non-ASCII characters such as ä, ¿, 堆 etc. Passing this flag can be a band-aid for broken string encoding, which can become a security vulnerability. However, non-ASCII characters are to be expected in virtually all user input.
FILTER_FLAG_STRIP_HIGH剥离输入中具有数值> 127的字节。在几乎每个编码中,这些字节代表非ASCII字符,例如ä,¿,堆等。传递此标志可以成为破坏字符串编码的创可贴,这可能成为安全漏洞。但是,几乎所有用户输入都需要非ASCII字符。
To summarize:
总结一下:
filter_var("\0aä\x80", FILTER_SANITIZE_STRING) == "\0aä\x80"
filter_var("\0aä\x80", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW) == "aä\x80"
filter_var("\0aä\x80", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH) == "\0a"
filter_var("\0aä\x80", FILTER_SANITIZE_STRING,
FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH) == "a"
#2
1
FILTER_FLAG_STRIP_LOW
Remove characters with ASCII value < 32
删除ASCII值<32的字符
FILTER_FLAG_STRIP_HIGH
Remove characters with ASCII value > 127
删除ASCII值> 127的字符