
Sanitization

Example #1 Sanitizing and validating email addresses

<?php
$a = '[email protected]';
$b = 'bogus - at - example dot org';
$c = '([email protected])';

$sanitized_a = filter_var($a, FILTER_SANITIZE_EMAIL);
if (filter_var($sanitized_a, FILTER_VALIDATE_EMAIL)) {
    echo "This (a) sanitized email address is considered valid.\n";
}

$sanitized_b = filter_var($b, FILTER_SANITIZE_EMAIL);
if (filter_var($sanitized_b, FILTER_VALIDATE_EMAIL)) {
    echo "This (b) sanitized email address is considered valid.\n";
} else {
    echo "This (b) sanitized email address is considered invalid.\n";
}

$sanitized_c = filter_var($c, FILTER_SANITIZE_EMAIL);
if (filter_var($sanitized_c, FILTER_VALIDATE_EMAIL)) {
    echo "This (c) sanitized email address is considered valid.\n";
    echo "Before: $c\n";
    echo "After: $sanitized_c\n";
}
?>

The above example will output:

This (a) sanitized email address is considered valid.
This (b) sanitized email address is considered invalid.
This (c) sanitized email address is considered valid.
Before: ([email protected])
After: [email protected]
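The manual example above sanitizes first and validates second. The following is an added example, not part of the PHP manual, that runs both orders over a few constructed inputs and adds an `altered` flag (the function name `classifyEmail` and the sample addresses are my own, not the manual's). The point a reviewer cares about: `FILTER_SANITIZE_EMAIL` silently strips characters, so an input that would be rejected as typed can pass validation after sanitizing, and the address that ends up stored is not the one the user submitted.

```php
<?php
// Added example (not from the PHP manual). Compares "validate the raw input"
// with "sanitize, then validate" and reports whether sanitizing changed the
// bytes, which is the case a defender usually wants to reject rather than
// accept silently.

function classifyEmail(string $raw): array
{
    // FILTER_VALIDATE_EMAIL returns the string on success and false on failure.
    $rawValid = filter_var($raw, FILTER_VALIDATE_EMAIL) !== false;

    // FILTER_SANITIZE_EMAIL removes every character that cannot appear in an
    // e-mail address; it never rejects, it only deletes.
    $sanitized = filter_var($raw, FILTER_SANITIZE_EMAIL);
    $sanitizedValid = filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false;

    return [
        'raw'             => $raw,
        'raw_valid'       => $rawValid,
        'sanitized'       => $sanitized,
        'sanitized_valid' => $sanitizedValid,
        // true when the value that passes validation differs from the input
        'altered'         => $sanitized !== $raw,
    ];
}

// Decision a registration handler would take: accept only when the raw
// input already validates. A value that only validates after sanitizing
// is sent back to the user to confirm instead of being stored.
function acceptEmail(string $raw): ?string
{
    $r = classifyEmail($raw);
    return $r['raw_valid'] ? $r['raw'] : null;
}

// Constructed sample inputs (not real addresses).
$inputs = [
    'joe@example.org',
    'bogus - at - example dot org',
    '(bogus@example.org)',
    'joe smith@example.org',
];

foreach ($inputs as $input) {
    $r = classifyEmail($input);
    printf(
        "%-35s raw:%-7s sanitized:%-28s valid-after-sanitize:%-3s altered:%s accepted:%s\n",
        json_encode($input),
        $r['raw_valid'] ? 'valid' : 'invalid',
        $r['sanitized'],
        $r['sanitized_valid'] ? 'yes' : 'no',
        $r['altered'] ? 'yes' : 'no',
        acceptEmail($input) === null ? 'no' : 'yes'
    );
}
```

For the third and fourth inputs the sanitized value validates while the raw value does not, and `altered` is true: the stored address would differ from what was typed. Treating `altered` as a rejection signal keeps the validation strict and avoids persisting a value the user never saw.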


User Contributed Notes 7 notes

up
1
admin at monkacres dot se
2 days ago
Notice that I added a SLEEP(1) to the query.
The computer thinks for 1 sec, and will complete the code for you.

Also, this is a touch-up of the previous code.
Also, note that "prior" means "before sth"

<?php
// I solved the
// Redo, until it works!
include('db/db.php');

$UserName=$_POST['UserName'] ?? '';
$EmailVerify=$_POST['EmailVerify'] ?? '';
$PassPhrase1=$_POST['PassPhrase1'] ?? '';

while (isset($_POST['submit']) AND !empty($UserName) AND !empty($PassPhrase1) AND !empty($EmailVerify)) {
    if (strlen($UserName) >= 22) {
        $error="Användarnamnet får vara max 22 bokstäver långt!";
        break;
    }
    if (strlen($PassPhrase1) < 8) {
        $error="Lösenordet måste vara minst åtta tecken långt!";
        break;
    }

    $sanitized_a=filter_var($EmailVerify, FILTER_SANITIZE_EMAIL);
    // prepare() is required for the ? placeholders; mysqli_query() cannot bind parameters
    $ar=$conn->prepare("INSERT INTO users (UserName, EmailVerify, PassPhrase1) VALUES (?,?,?) SLEEP(1)");
    // bind_param() takes its arguments by reference, so the values go into variables first
    $email=trim(filter_var($EmailVerify, FILTER_VALIDATE_EMAIL));
    $hash=password_hash($PassPhrase1, PASSWORD_BCRYPT);
    $ar->bind_param("sss", $UserName, $email, $hash);

    if ($ar->execute()) {
        $message="Du har skapat ett konto!";
    }
    break;
}
?>
<!DOCTYPE HTML>
<HTML>
<HEAD>
<META NAME="robots" CONTENT="noindex">
<!-- Latest compiled and minified CSS -->
<LINK HREF="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" REL="stylesheet">
<TITLE>MonkAcres.se || vPetSim</TITLE>
<!--The robots stops at registering-->
<STYLE>
body, html {
    text-align: center !important;
}
form {
    width: 75% !important;
    margin: auto !important;
}
</STYLE>
</HEAD>
<BODY>
<H1>MonkAcres.se</H1>
<!--Gonna be adding Bootstrap 5 here!-->

<?php if (!empty($error) || !empty($message)): ?>
<DIV CLASS="alert alert-info">
<!--Parse error!-->
<?php if (isset($error)): ?>
<?php print $error; ?>
<?php endif; ?>
<?php if (isset($message)): ?>
<?php print $message; ?>
<?php endif; ?>
</DIV>
<?php endif; ?>

<FORM METHOD="POST">
Anv&auml;ndarnamn:<BR>
<INPUT TYPE="text"     NAME="UserName" CLASS="form-control" REQUIRED><BR>
Epost:<BR>
<INPUT TYPE="email"    NAME="EmailVerify" CLASS="form-control" REQUIRED><BR>
L&ouml;senord:<BR>
<INPUT TYPE="password" NAME="PassPhrase1" MINLENGTH="8" CLASS="form-control" REQUIRED><BR>
<INPUT TYPE="submit"   NAME="submit" VALUE="Skapa konto!">
</FORM>
<FOOTER>
&copy;&nbsp;2026-9999 MonkAcres.se, AB
</FOOTER>
</BODY>
</HTML>
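The registration handler in the note above mixes sanitizing, validating and inserting in one loop. The following is an added example, not the note author's code, showing the same flow the way a security reviewer would ask for it: validate the raw e-mail and reject on failure, bound the lengths, hash the password, and send every user-controlled value through a prepared statement. It assumes, as the note does, that `db/db.php` provides a `mysqli` connection in `$conn` and that the `users` table has the columns `UserName`, `EmailVerify` and `PassPhrase1`; the helper names `validateRegistration` and `createUser` are my own.

```php
<?php
// Added example (not the note author's code). Assumes db/db.php defines a
// mysqli connection in $conn and a users table with the columns used below.
include 'db/db.php';

// Validates the POST body and returns either ['error' => ...] or the
// accepted values. Nothing is sanitized: a value that fails is rejected and
// the user is asked to retype it, so what is stored is what was submitted.
function validateRegistration(array $post): array
{
    $userName = trim($post['UserName'] ?? '');
    $email    = trim($post['EmailVerify'] ?? '');
    $pass     = $post['PassPhrase1'] ?? '';

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['error' => 'Ogiltig e-postadress!'];
    }
    // mb_strlen counts characters, not bytes, so "max 22 bokstäver" holds for UTF-8 too
    if ($userName === '' || mb_strlen($userName) > 22) {
        return ['error' => 'Användarnamnet får vara max 22 bokstäver långt!'];
    }
    if (mb_strlen($pass) < 8) {
        return ['error' => 'Lösenordet måste vara minst åtta tecken långt!'];
    }
    return ['user' => $userName, 'email' => $email, 'pass' => $pass];
}

// Inserts the account with a prepared statement; the values never become
// part of the SQL text, so there is nothing for an injection to alter.
function createUser(mysqli $conn, string $user, string $email, string $pass): bool
{
    $stmt = $conn->prepare(
        'INSERT INTO users (UserName, EmailVerify, PassPhrase1) VALUES (?, ?, ?)'
    );
    // PASSWORD_DEFAULT is bcrypt today and lets PHP upgrade the algorithm later
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $stmt->bind_param('sss', $user, $email, $hash);
    return $stmt->execute();
}

$error = $message = null;
if (isset($_POST['submit'])) {
    $v = validateRegistration($_POST);
    if (isset($v['error'])) {
        $error = $v['error'];
    } elseif (createUser($conn, $v['user'], $v['email'], $v['pass'])) {
        $message = 'Du har skapat ett konto!';
    } else {
        // generic text on purpose: database error details stay in the server log
        $error = 'Kontot kunde inte skapas.';
    }
}
?>
<!DOCTYPE html>
<html>
<head><title>Register</title></head>
<body>
<?php if ($error !== null || $message !== null): ?>
  <!-- escape on output: the message is fixed text here, but the habit
       matters once request data is ever reflected into the page -->
  <div class="alert"><?= htmlspecialchars($error ?? $message, ENT_QUOTES, 'UTF-8') ?></div>
<?php endif; ?>
<form method="post">
  Användarnamn:<br><input type="text" name="UserName" maxlength="22" required><br>
  Epost:<br><input type="email" name="EmailVerify" required><br>
  Lösenord:<br><input type="password" name="PassPhrase1" minlength="8" required><br>
  <input type="submit" name="submit" value="Skapa konto!">
</form>
</body>
</html>
```

The browser-side `maxlength`, `minlength` and `type="email"` attributes are convenience only; the server-side checks in `validateRegistration` are the ones that count, since a request can be sent without the form.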
up
1
admin at monkacres dot se
2 days ago
And when you come to the active variable you should use
print $message ?>
instead of
print $message; ?>
up
1
admin at monkacres dot se
2 days ago
I can also tell you, that the sanitization should be prior to the if-statement entering data into the database, and that you should redo until you have something that is not bogus.

And, that here I want to display EITHER $message or $error in a div and not sure...if (isset($error) || isset($message?
Also, the two $messages that are created upon sanitizing should be split.

<?php
// I solved the
// Redo, until it works!
include('db/db.php');

$UserName=$_POST['UserName'] ?? '';
$EmailVerify=$_POST['EmailVerify'] ?? '';
$PassPhrase1=$_POST['PassPhrase1'] ?? '';

while (isset($_POST['submit']) AND !empty($UserName) AND !empty($PassPhrase1) AND !empty($EmailVerify)) {
    if (strlen($UserName) >= 22) {
        $error="Användarnamnet får vara max 22 bokstäver långt!";
        break;
    }
    if (strlen($PassPhrase1) < 8) {
        $error="Lösenordet måste vara minst åtta tecken långt!";
        break;
    }

    $sanitized_a=filter_var($EmailVerify, FILTER_SANITIZE_EMAIL);
    if (filter_var($sanitized_a, FILTER_VALIDATE_EMAIL)) {
        $message="Email unfiltered: ".$EmailVerify;
        $message="Email filtered: " .$sanitized_a;
    } else {
        $error="Sanitization not possible!! Please try again!";
        break;
    }

    $query="INSERT INTO users (UserName, EmailVerify, PassPhrase1) VALUES (?,?,?)";
    $ar=$conn->prepare($query);
    $ar->execute([$UserName, $sanitized_a, password_hash($PassPhrase1, PASSWORD_BCRYPT)]);
    $message="Du har skapat ett konto!";
    break;
}
?>
<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>MonkAcres.se || vPetSim</TITLE>
</HEAD>
<BODY>
<H1>MonkAcres.se</H1>

<?php if (isset($error) || isset($message)): ?>
<DIV><?php print $error ?? $message; ?></DIV>
<?php endif; ?>

<FORM METHOD="POST">
Användarnamn:<BR>
<INPUT TYPE="text" NAME="UserName" REQUIRED><BR>
Epost:<BR>
<INPUT TYPE="email" NAME="EmailVerify" REQUIRED><BR>
Lösenord:<BR>
<INPUT TYPE="password" NAME="PassPhrase1" MINLENGTH="8" REQUIRED><BR>
<INPUT TYPE="submit"   NAME="submit" VALUE="Skapa konto!">
</FORM>
</BODY>
</HTML>
up
0
admin at monkacres dot se
1 day ago
This is the full script, you just need to add OTP-verification using an AI and fix some bugs. ;-)

<?php
// I solved the
// Redo, until it works!
include('db/db.php');

$userName=$_POST['userName'] ?? '';
$eMail=$_POST['eMail'] ?? '';   // the form field below is named eMail
$pass=$_POST['pass'] ?? '';

// Declared at top level so the function exists regardless of the loop below
function SendMail($email, $provider) {
    require_once 'PHPMailer/src/Exception.php';
    require_once 'PHPMailer/src/PHPMailer.php';
    require_once 'PHPMailer/src/SMTP.php';

    $mail = new PHPMailer\PHPMailer\PHPMailer(true);

    try {
        $mail->isSMTP();
        $mail->Host       = 'smtp.yourhost.com';
        $mail->SMTPAuth   = true;
        $mail->Username   = $provider;
        $mail->Password   = 'YOUR_SMTP_PASSWORD';
        $mail->SMTPSecure = PHPMailer\PHPMailer\PHPMailer::ENCRYPTION_STARTTLS;
        $mail->Port       = 587;

        $mail->setFrom($provider, 'MonkAcres.se');
        $mail->addAddress($email);

        $mail->isHTML(true);
        $mail->Subject = 'Welcome to MonkAcres.se';
        $mail->Body    = '<h1>Welcome!</h1><p>Your account has been created.</p>';
        $mail->AltBody = 'Welcome! Your account has been created.';

        $mail->send();
    } catch (Exception $e) {
        print "Mailer Error: " . $mail->ErrorInfo;
    }
}

while (isset($_POST['submit']) AND !empty($userName) AND !empty($pass) AND !empty($eMail)) {
    if (strlen($userName) >= 22) {
        $error="Användarnamnet får vara max 22 bokstäver långt!";
        break;
    }
    if (strlen($pass) < 8) {
        $error="Lösenordet måste vara minst åtta tecken långt!";
        break;
    }

    $saniterad_a=filter_var($eMail, FILTER_SANITIZE_EMAIL);
    try {
        $ar="INSERT INTO users (userName, eMail, pass) VALUES (?, ?, ?) SLEEP(1)";
        $query=$conn->prepare($ar);
    } catch (Exception $e) {
        print "Felmeddelande: " .$e->getMessage();
        break;
    }
    // bind_param() takes its arguments by reference, so the values go into variables first
    $validEmail=trim(filter_var($saniterad_a, FILTER_VALIDATE_EMAIL));
    $hash=password_hash($pass, PASSWORD_BCRYPT);
    $query->bind_param("sss", $userName, $validEmail, $hash);

    // Context check ($user and $system are expected to come from db/db.php)
    if (isset($user, $system) && $user->isVerified() && $system->isReady()) {
        SendMail($saniterad_a, "[email protected]");
    }

    if ($query->execute()) {
        $message="Du har skapat ett konto!";
    }
    break;
}
?>
<!DOCTYPE HTML>
<HTML>
<HEAD>
<META NAME="robots" CONTENT="noindex">
<!-- Latest compiled and minified CSS -->
<LINK HREF="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" REL="stylesheet">
<TITLE>MonkAcres.se || vPetSim</TITLE>
<!--The robots stops at registering-->
<STYLE>
body, html {
    text-align: center !important;
}
form {
    width: 75% !important;
    margin: auto !important;
}
</STYLE>
</HEAD>
<BODY>
<H1>MonkAcres.se</H1>
<!--Gonna be adding Bootstrap 5 here!-->

<?php if (!empty($error) || !empty($message)): ?>
<DIV CLASS="alert alert-info">
<!--Parse error!-->
<?php print $error ?? $message; ?>
</DIV>
<?php endif; ?>

<FORM METHOD="POST">
Anv&auml;ndarnamn:<BR>
<INPUT TYPE="text"     NAME="userName" CLASS="form-control" REQUIRED><BR>
Epost:<BR>
<INPUT TYPE="email"    NAME="eMail" CLASS="form-control" REQUIRED>
* Notera: Du beh&ouml;ver en giltig e-postadress!<BR>
* H&aring;ller på med en SendMail() <SPAN STYLE="background: yellow;"></SPAN><BR><BR>
L&ouml;senord:<BR>
<INPUT TYPE="password" NAME="pass" MINLENGTH="8" CLASS="form-control" REQUIRED><BR>
<INPUT TYPE="submit"   NAME="submit" VALUE="Skapa konto!">
</FORM>
<FOOTER>
&copy;&nbsp;2026-9999 MonkAcres.se, AB
</FOOTER>
</BODY>
</HTML>
up
0
admin at monkacres dot se
3 days ago
Thus, here I have added basic sanitization. And, I can tell you that I solved Shakespeare's question. The answer is, redo until you are able to sanitize!
It should say [email protected] if ( [email protected] ) was entered!!
Here is the updated code. And also, try to make your code up-to-date. Another tip, a protip, is that you can retrieve the version number virtually. Enter what the voice says, then update until it becomes static.

<?php
// I solved the
// Redo, until it works!
include('db/db.php');

$UserName=$_POST['UserName'] ?? '';
$EmailVerify=$_POST['EmailVerify'] ?? '';
$PassPhrase1=$_POST['PassPhrase1'] ?? '';

while (isset($_POST['submit']) AND !empty($UserName) AND !empty($PassPhrase1) AND !empty($EmailVerify)) {
    if (strlen($UserName) >= 22) {
        $error="Användarnamnet får vara max 22 bokstäver långt!";
        break;
    }
    if (strlen($PassPhrase1) < 8) {
        $error="Lösenordet måste vara minst åtta tecken långt!";
        break;
    }

    $query="INSERT INTO users (UserName, EmailVerify, PassPhrase1) VALUES (?,?,?)";
    $ar=$conn->prepare($query);
    $sanitized_a=filter_var($EmailVerify, FILTER_SANITIZE_EMAIL);
    if (filter_var($sanitized_a, FILTER_VALIDATE_EMAIL)) {
        $ar->execute([$UserName, $sanitized_a, password_hash($PassPhrase1, PASSWORD_BCRYPT)]);
        $message="This email is filtered!";
        // request data is escaped before it is echoed into the page
        print htmlspecialchars($EmailVerify);
        print htmlspecialchars($sanitized_a);
        break;
    } else {
        $error="Email not filtered!";
        break;
    }
}
?>
<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>MonkAcres.se || vPetSim</TITLE>
</HEAD>
<BODY>
<FORM METHOD="POST">
Användarnamn:<BR>
<INPUT TYPE="text" NAME="UserName" REQUIRED><BR>
Epost:<BR>
<INPUT TYPE="email" NAME="EmailVerify" REQUIRED><BR>
Lösenord:<BR>
<INPUT TYPE="password" NAME="PassPhrase1" MINLENGTH="8" REQUIRED><BR>
<INPUT TYPE="submit"   NAME="submit" VALUE="Skapa konto!">
</FORM>
</BODY>
</HTML>
up
0
admin at monkacres dot se
3 days ago
I'm right at the sanitization now. Here, with execute([$UserName, password_hash($PassPhrase1, PASSWORD_BCRYPT)])

And, I realized that I need to redo the execute-line, until it's sanitized. Getting a white screen? Redo!

<?php
include('db/db.php');

$UserName=$_POST['UserName'] ?? '';
$PassPhrase1=$_POST['PassPhrase1'] ?? '';

while (isset($_POST['submit']) AND !empty($UserName) AND !empty($PassPhrase1)) {
    if (strlen($UserName) >= 22) {
        $error="Användarnamnet får vara max 22 bokstäver långt!";
        break;
    }
    if (strlen($PassPhrase1) < 8) {
        $error="Lösenordet måste vara minst åtta tecken långt!";
        break;
    }

    $query="INSERT INTO users (UserName, PassPhrase1) VALUES (?,?)";
    $ar=$conn->prepare($query);
    $ar->execute([$UserName, password_hash($PassPhrase1, PASSWORD_BCRYPT)]);
    $message="Du har skapat ett konto!";
    break;
}
?>
<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>MonkAcres.se || vPetSim</TITLE>
</HEAD>
<BODY>
<FORM METHOD="POST">
Användarnamn:<BR>
<INPUT TYPE="text" NAME="UserName" REQUIRED><BR>
Lösenord:<BR>
<INPUT TYPE="password" NAME="PassPhrase1" MINLENGTH="8" REQUIRED><BR>
<INPUT TYPE="submit"   NAME="submit" VALUE="Skapa konto!">
</FORM>
</BODY>
</HTML>
up
0
admin at monkacres dot se
1 month ago
I have this script, however do you use $EmailRegister or $saniterad_a

@$saniterad_a=filter_var($EmailRegister, FILTER_SANITIZE_EMAIL);

if (@$UserRegister) {
    if (@$PassRegister) {
        if (!filter_var($saniterad_a, FILTER_VALIDATE_EMAIL)) {
            die("No email entered!");
        } else {
            @$UserRegister=$_POST['UserRegister']; # Authentication
            @$PassRegister=$_POST['PassRegister']; # Authentication
            @mail($EmailRegister

To use $EmailRegister or $saniterad_a on last variable in this script?