<style type="text/css">
    body {
        background-color: #FFFEF0;
    }

    #error_ft {
        background-color: #FF9C24;
        color: #734710;
        display: block;
        border: 1px solid white;
        width: 50%;
    }

    .block_ft {
        border: 1px solid #734710;
        display: block;
        float: left;
        padding: 10px;
        clear: both;
        margin-top: 10px;
    }
</style>

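<?php
include_once('Filtreatment_class.php');

/*
 * Demo driver for the Filtreatment class.
 *
 * Every demo input below lives in ONE <form>, so all fields arrive in $_POST on
 * each submit; only the fields that carry a non-empty value are run through
 * their filter. Each branch writes a human-readable result into $ob->error,
 * which is rendered once at the end via $ob->display_error(2) — because the
 * branches overwrite that property, only the last non-empty field's result is
 * shown.
 */

/**
 * True when POST field $key was submitted with a non-empty value.
 *
 * isset() plus a strict '' comparison is used instead of truthiness: the
 * original `if ($_POST[$key])` silently skipped the legitimate input "0"
 * (falsy in PHP) and raised an undefined-index notice when the field was absent.
 *
 * @param string $key  POST field name
 * @return bool
 */
function ft_demo_has_input($key)
{
    return isset($_POST[$key]) && $_POST[$key] !== '';
}

/**
 * HTML-escape a filter result before it is interpolated into a message.
 *
 * The values echoed back (ft_dbsql()/ft_xss() output, a quoted-local-part
 * e-mail address) can still contain characters that are live in an HTML
 * context, and SQL escaping does not neutralise HTML; escaping here keeps
 * the demo from reflecting raw request input into the page.
 * NOTE(review): display_error() is defined in Filtreatment_class.php and is
 * not visible here — if it already escapes its output this double-encodes,
 * and one of the two should be dropped (confirm).
 *
 * @param mixed $value  filter return value
 * @return string
 */
function ft_demo_h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

if ( isset($_POST['proceed']) ) {
    $ob = new Filtreatment();

    // NOTE(review): the `if ($r)` tests below treat a returned 0 or '' as a
    // failed validation. The filters' failure value is not visible in this file;
    // if they return false, `$r !== false` would be the correct test and would
    // let a valid 0 (inside the -10..0 range) report as TRUE — confirm against
    // Filtreatment_class.php.

    // Integer restricted to the closed-looking range 10..40.
    if ( ft_demo_has_input('ft_integer_2') ) {
        $ob->minval = 10;
        $ob->maxval = 40;
        $r = $ob->ft_integer($_POST['ft_integer_2']);
        if ( $r ) {
            $ob->error = "TRUE: The entered value " . ft_demo_h($r) . " is between boundaries!";
        } else {
            $ob->error = "FALSE: The entered value is outside boundaries!";
        }
    }

    // Integer with a lower bound only: maxval = 0 is the class default
    // (see the usage text on this page), so the check is "at least -10".
    if ( ft_demo_has_input('ft_integer_1') ) {
        $ob->minval = -10;
        $ob->maxval = 0;
        $r = $ob->ft_integer($_POST['ft_integer_1']);
        if ( $r ) {
            $ob->error = "TRUE: The entered value " . ft_demo_h($r) . " is bigger than -10!";
        } else {
            $ob->error = "FALSE: The entered value is smaller than -10!";
        }
    }

    // Float restricted to 10.34..40.23.
    if ( ft_demo_has_input('ft_float') ) {
        $ob->minval = 10.34;
        $ob->maxval = 40.23;
        $r = $ob->ft_float($_POST['ft_float']);
        if ( $r ) {
            $ob->error = "TRUE: The entered value " . ft_demo_h($r) . " is between boundaries!";
        } else {
            $ob->error = "FALSE: The entered value is outside boundaries!";
        }
    }

    // Date in YYYY-MM-DD form (per the form label).
    if ( ft_demo_has_input('ft_date') ) {
        $r = $ob->ft_validdate($_POST['ft_date']);
        if ( $r ) {
            $ob->error = "TRUE: The entered date " . ft_demo_h($r) . " is valid!";
        } else {
            $ob->error = "FALSE: The entered date is invalid!";
        }
    }

    // E-mail address (the form label claims RFC 2822). A syntactically valid
    // address may still carry HTML-significant characters, hence the escaping.
    if ( ft_demo_has_input('ft_email') ) {
        $r = $ob->ft_email($_POST['ft_email']);
        if ( $r ) {
            $ob->error = "TRUE: The entered email address " . ft_demo_h($r) . " is valid!";
        } else {
            $ob->error = "FALSE: The entered email address is invalid!";
        }
    }

    // SQL-oriented escaping only. NOTE(review): whatever ft_dbsql() does, it is
    // not a substitute for parameterised queries at the database layer.
    if ( ft_demo_has_input('ft_name') ) {
        $r = $ob->ft_dbsql($_POST['ft_name']);
        if ( $r ) {
            $ob->error = "FILTERED VALUE: " . ft_demo_h($r);
        }
    }

    // SQL escaping followed by an allow-list of [A-Za-z0-9] via ft_strregex();
    // the third argument (2) is passed through as in the page's usage text.
    if ( ft_demo_has_input('ft_name_2') ) {
        $dbname = $ob->ft_dbsql($_POST['ft_name_2']);
        $r      = $ob->ft_strregex($dbname, 'A-Za-z0-9', 2);
        if ( $r ) {
            $ob->error = "FILTERED VALUE: " . ft_demo_h($r);
        }
    }

    // XSS filter demo. The filtered text is shown escaped, as data, rather than
    // rendered as markup — rendering it would re-test the filter in the browser
    // on every submit.
    if ( ft_demo_has_input('ft_xss') ) {
        $r = $ob->ft_xss($_POST['ft_xss']);
        if ( $r ) {
            $ob->error = "FILTERED VALUE: " . ft_demo_h($r);
        }
    }

    echo '<div id="error_ft">' . $ob->display_error(2) . '</div>';
}

?>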

<h3>FILTREATMENT CLASS</h3>

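<?php
// $_SERVER['PHP_SELF'] includes attacker-controlled PATH_INFO
// (e.g. /index.php/"><script>...), so it must be escaped for the
// attribute context before being echoed into the form's action.
$ft_form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
?>
<form method="POST" action="<?php echo $ft_form_action; ?>">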

<div class="block_ft">
<strong>To force an input to be integer (at least -10):</strong>
<input type="text" name="ft_integer_1" size="10" />
<input type="submit" value="Proceed" name="proceed" id="proceed"/><br />

<pre>
$ob = new Filtreatment();
$ob->minval = -10;
$ob->maxval = 0; // 0 is the default: set it to 0 or leave it alone for "at least minval"
$r = $ob->ft_integer($_POST['ft_integer_1']);
</pre>
</div>



<div class="block_ft">
<strong>To force an input to be integer (between 10-40):</strong>
<input type="text" name="ft_integer_2" size="10" />
<input type="submit" value="Proceed" name="proceed" id="proceed"/><br />

<pre>
$ob         = new Filtreatment();
$ob->minval = 10;
$ob->maxval = 40;
$r = $ob->ft_integer($_POST['ft_integer_2']);
</pre>
</div>


<div class="block_ft">
<strong>To force an input to be float (between 10.34-40.23):</strong>
<input type="text" name="ft_float" size="10" />
<input type="submit" value="Proceed" name="proceed" id="proceed"/><br />

<pre>
$ob         = new Filtreatment();
$ob->minval = 10.34;
$ob->maxval = 40.23;
$r = $ob->ft_float($_POST['ft_float']);
</pre>
</div>


<div class="block_ft">
<strong>Validates a date (format YYYY-MM-DD)</strong>
<input type="text" name="ft_date" size="10" />
<input type="submit" value="Proceed" name="proceed" id="proceed"/><br />

<pre>
$ob = new Filtreatment();
$r  = $ob->ft_validdate($_POST['ft_date']);
</pre>
</div>


<div class="block_ft">
<strong>Validates an email address (RFC 2822)</strong>
<input type="text" name="ft_email" size="20" />
<input type="submit" value="Proceed" name="proceed" id="proceed"/><br />

<pre>
$ob = new Filtreatment();
$r  = $ob->ft_email($_POST['ft_email']);
</pre>
</div>


<div class="block_ft">
<strong>Prepares the input for database queries:</strong>
<input type="text" name="ft_name" size="20" />
<input type="submit" value="Proceed" name="proceed" id="proceed"/><br />

<pre>
$ob = new Filtreatment();
$r  = $ob->ft_dbsql($_POST['ft_name']);
</pre>
</div>


<div class="block_ft">
<strong>Combine the above with much stronger filtering (using ft_strregex()):</strong>
<input type="text" name="ft_name_2" size="20" />
<input type="submit" value="Proceed" name="proceed" id="proceed"/><br />

<pre>
// here we accept only the characters A-Z, a-z and 0-9; the first step
// escapes for SQL, the second enforces the allow-list on the result.
$ob     = new Filtreatment();
$dbname = $ob->ft_dbsql($_POST['ft_name_2']);
$r      = $ob->ft_strregex($dbname, 'A-Za-z0-9', 2);
</pre>
</div>


<div class="block_ft">
<strong>AntiXSS attacks</strong>
<input type="text" name="ft_xss" size="40" />
<input type="submit" value="Proceed" name="proceed" id="proceed"/><br />

<textarea rows='10' cols='100'>
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
<<SCRIPT>alert("XSS");//<</SCRIPT>
</textarea>

<pre>
// XSS filtering
$ob     = new Filtreatment();
$r      = $ob->ft_xss($_POST['ft_xss']);
</pre>
</div>

</form>