PHP常用数据校验及处理

常常踩一些坑,总结下

浮点数和数值型

// (float) casts behave exactly like floatval(): '' and whitespace-only strings
// become 0, a numeric prefix is parsed and the rest ignored, and a string that
// does not start with a number yields 0.
var_dump((float) '', (float) '   '); // 0  0
var_dump((float) '1.01', (float) '1'); //1.01  1 
var_dump((float) 1.01, (float) 1); //1.01  1 
var_dump((float) '1.01aa', (float) 'a1.01', (float) 'a1'); //1.01  0  0

// is_float() tests the variable's runtime type, not its content: a string is
// never a float, whatever it looks like, and int 4 is not promoted to float.
var_dump(is_float('dd4.5'), is_float('4.5dd')); //false  false
var_dump(is_float('4.5'), is_float(4.5), is_float(4)); //false  true  false

// is_numeric() accepts ints, floats and numeric strings; leading or trailing
// garbage and the empty string are rejected.
var_dump(is_numeric('dd4.5'), is_numeric('4.5dd'), is_numeric('')); //false  false  false
var_dump(is_numeric('4.5'), is_numeric(4.5), is_numeric(4)); //true  true  true

难以理解 is_float('4.5')结果false,is_numeric('4.5')结果为true。其实 is_float() 判断的是变量的类型（'4.5' 是字符串），而 is_numeric() 判断的是值是否为数字或数字字符串。

布尔型 

// boolval() is the function form of the (bool) cast: numbers are false only
// when zero; strings are false only when '' or exactly '0' — '0.0' and ' '
// are non-empty strings and therefore true.
var_dump(boolval(0), boolval(0.0)); //false  false
var_dump(boolval(1), boolval(0.07)); //true  true
var_dump(boolval('0'), boolval('0.0'), boolval('0.00')); //false  true  true
var_dump(boolval(' '), boolval('')); //true  false

难以理解(bool)'0'结果false,(bool)' '结果为true。原因是字符串转 bool 时只有 '' 和 '0' 为 false，' ' 是非空字符串所以为 true。

isset()

// isset() is false for an undefined variable AND for a key whose value is null;
// use array_key_exists() when null is a legitimate stored value.
$arr = ['a' => 10, 'b' => null];
var_dump(isset($a)); //false
var_dump(isset($arr['a']), isset($arr['b']), isset($arr['c'])); //true  false  false

empty()

// empty($x) is !isset($x) || !(bool) $x, so every value that casts to false is
// "empty": 0, 0.0, null, false, '' and '0' — but not '0.0', '0.00' or ' '.
// Do not use it to test a field where 0 or '0' is a valid value.
var_dump(empty(0), empty(0.0)); //true  true
var_dump(empty(null), empty(false)); //true  true
var_dump(empty(1), empty(0.07)); //false  false
var_dump(empty('0'), empty('0.0'), empty('0.00')); //true  false  false
var_dump(empty(' '), empty('')); //false  true

结果正好和强制转换成 bool 类型相反：empty($x) 等价于 !isset($x) || !(bool)$x。

explode()

// explode() always returns at least one element; a delimiter with nothing after
// it yields a trailing '' — check for it before treating the parts as data.
var_dump(explode('*', '1*3')); //['1','3']
var_dump(explode('*', '3')); //['3']
var_dump(explode('*', '3*'));//['3','']

==和===      

// == compares a number with a numeric string numerically, so '-0.000' equals 0;
// === additionally requires identical types, so int 0 and float 0.00 differ.
// 0.0 == ' ' is false because ' ' is not a numeric string and PHP 8 then
// compares as strings ("0" vs " "); on PHP 7 this printed true — check your version.
var_dump(0 == 0.00, 0 === 0.00); //true  false
var_dump(0.0 == ' ',  0.0 === ' '); //false  false
var_dump(0.0 == '0.0', 0  == '-0.000', 0.0 === '0.0');//true  true  false

min和max比较

// null compared with a number is compared as bool: null, 0 and 0.0 are all
// false and therefore equal, while 1, 0.01 and -0.01 are all true and "greater".
// On a tie max()/min() return the first argument, which is why max(0, null) and
// min(0, null) both give 0 while min(-0.01, null) gives NULL.
var_dump(max(1, null),  max(0.01, null)); //1  0.01 
var_dump(max(0, null), max(0.0, null),  max(-0.01, null)); //0   0.0  -0.01
var_dump(min(1, null),  min(0.01, null)); //NULL  NULL 
var_dump(min(0, null), min(0.0, null),  min(-0.01, null)); //0   0.0  NULL

0和NULL的最小值比较也有点难以理解。原因是 null 与数字比较时两边都转成 bool，null 和 0 都是 false 因而相等，相等时 min()/max() 返回第一个参数。

去掉全角/半角空格

// First pattern: \s without the u modifier removes ASCII whitespace (space, tab,
// CR, LF — including the line break inside this literal). Second pattern removes
// U+3000, the full-width ideographic space, and needs /u to match it.
// NOTE(review): U+00A0 (non-breaking space) is presumably matched by neither — verify.
$str = 'sdf dfd  
 s  ss      h中文h';
var_dump(preg_replace(['/\s/', '/[\x{3000}]/u'], '', $str));//sdfdfdsssh中文h

验证清理

# email: FILTER_VALIDATE_EMAIL returns the value when it is syntactically valid
# and false otherwise — it checks syntax only, not that the mailbox exists.
$email = "user@example.com";
$email2 = 'a@&*%$#a@test.com';
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL)); //user@example.com
var_dump(filter_var($email2, FILTER_VALIDATE_EMAIL)); //false

# URL: FILTER_VALIDATE_URL checks syntax only (scheme and host present); with
# FILTER_FLAG_PATH_REQUIRED a URL without a path component is rejected.
# It does not restrict the scheme — when only http(s) is acceptable, check the
# scheme separately (e.g. via parse_url()) before using the value.
$url = "https://www.example.com/page";
$url2 = "https://www.example.com";
var_dump(filter_var($url, FILTER_VALIDATE_URL)); //https://www.example.com/page
var_dump(filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED)); //https://www.example.com/page
var_dump(filter_var($url2, FILTER_VALIDATE_URL)); //https://www.example.com
var_dump(filter_var($url2, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED)); //false

# IP: FILTER_FLAG_IPV4 accepts any syntactically valid IPv4 address, including
# private ones such as this 192.168.x.x. Add FILTER_FLAG_NO_PRIV_RANGE and/or
# FILTER_FLAG_NO_RES_RANGE when private or reserved ranges must be rejected
# (e.g. before the server connects to a user-supplied address).
$ip = "192.168.1.1";
var_dump(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)); //192.168.1.1

# Remove HTML tags: strip_tags() drops the tags but keeps their text content,
# so the result is plain text, not HTML-safe output — escape with
# htmlspecialchars() at render time rather than relying on this.
$input = "<script>alert('xss')</script>";
var_dump(strip_tags($input)); //alert('xss')

# Escape special characters (the call is left commented out by the author).
# NOTE(review): FILTER_SANITIZE_SPECIAL_CHARS HTML-encodes '"<>& and control
# characters with numeric entities, so the output is presumably
# I&#39;m a &#34;string&#34; rather than the &#039;/&quot; form shown, which is
# what htmlspecialchars(..., ENT_QUOTES) produces — verify before relying on it.
$input = "I'm a \"string\"";
// var_dump(filter_var($input, FILTER_SANITIZE_SPECIAL_CHARS)); //I&#039;m a &quot;string&quot;

# Clean characters not allowed in a URL (the call is left commented out by the author).
# NOTE(review): FILTER_SANITIZE_URL only removes characters that are not allowed
# in a URL at all; `<` and `>` are in its allowed set, so the `<script>` below is
# presumably kept and the output is not "https://example.com/" — verify. Either
# way this filter is not HTML escaping: encode the value for the context it is
# written into (HTML attribute, JS, …) at output time.
$url = "https://example.com/<script>";
// var_dump(filter_var($url, FILTER_SANITIZE_URL)); //https://example.com/

# Validate an integer range: min_range/max_range are inclusive; a value outside
# the range, or one that is not an integer string, gives false, and on success
# the result is int 25, not the string "25".
$age = "25";
$options = ["options" => ["min_range" => 18, "max_range" => 60]];
var_dump(filter_var($age, FILTER_VALIDATE_INT, $options)); //25

# Custom callback validation: with FILTER_CALLBACK the callback's return value
# is the filter result, so returning false marks the value invalid.
$data = "custom_data";
var_dump(filter_var($data, FILTER_CALLBACK, [
    "options" => static fn ($v) => $v === "custom_data" ? $v : false,
]));//custom_data

# 处理字符串防止SQL注入
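/**
 * Strip a blacklist of SQL-looking tokens from $input and HTML-encode what is left.
 *
 * This is a lossy keyword blacklist, not an injection defence: it deletes any
 * standalone "or"/"and", every "#", quote, ";", "|" and backslash from
 * legitimate text, and it cannot guarantee what reaches the database. SQL
 * injection is prevented by prepared statements (PDO::prepare() with bound
 * values), never by rewriting the input. The final htmlspecialchars() is
 * HTML-context escaping and belongs at render time, not at storage time; it is
 * kept here so the demo output stays the same.
 *
 * @param string $input raw user-supplied string
 * @return string the stripped and HTML-escaped string; whitespace around a
 *                removed token is left in place, e.g. "a OR b" becomes "a  b"
 * @throws \RuntimeException when PCRE fails, instead of silently returning ''
 */
function filterStr(string $input): string
{
    // Blacklist: comment delimiters, quotes, statement separator, backslash,
    // pipe, and whole-word SQL keywords (case-insensitive; \b keeps "Oregon"
    // intact but drops a standalone "or").
    $pattern = '/(\/\*|\*\/|--|#|\'|"|;|\\\|\||\b(OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|EXEC|XP_)\b)/i';
    $filtered = preg_replace($pattern, '', strip_tags(trim($input)));
    // Second pass drops hex literals such as 0x41.
    if ($filtered !== null) {
        $filtered = preg_replace('/0x[0-9a-f]+/i', '', $filtered);
    }
    // preg_replace() returns null on a PCRE error (e.g. backtrack limit). The
    // original fell through to htmlspecialchars(null), which on PHP 8.1+ is
    // deprecated and yields '' — fail loudly instead, so a filter failure is
    // never mistaken for an empty input.
    if ($filtered === null) {
        throw new \RuntimeException('filterStr: preg_replace failed: ' . preg_last_error_msg());
    }
    return htmlspecialchars($filtered, ENT_QUOTES, 'UTF-8');
}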
$userInput = "admin' (OR 1=1)-- /* DROP TABLE users */";
// output: "admin ( 1=1)   TABLE users " — each removed token leaves the
// spaces around it behind (three before TABLE, one trailing); the text is
// mangled, not made safe, which is why prepared statements are the real fix.
echo filterStr($userInput);

 
