11.4. Zend_Filter_Input

11.4.1. Introduction

Zend_Filter_Input provides facilities to promote a structured approach to input data filtering. It serves multiple purposes because it caters to the needs of three different groups of people:

  • Developers

    Although filtering input can never be as easy as doing nothing, developers need to ensure the integrity of their data without adding unnecessary complexity to their code.

  • Managers

    Managers of all types who need to maintain control over a large group of developers can enforce a structured approach to input filtering by restricting or eliminating access to raw input.

  • Auditors

    Those who audit an application's code need to quickly and reliably identify when and where raw input is used by a developer. The characteristics that promote code clarity also aid auditors by providing a clear distinction among the different approaches to input filtering.

There are a variety of approaches to input filtering, and there are also a variety of methods that PHP developers can use. Whitelist filtering, blacklist filtering, regular expressions, conditional statements, and native PHP functions are just a few examples of the input filtering potpourri.

11.4.2. Theory of Operation

In order to provide a structured approach to input filtering, by default, Zend_Filter_Input attempts to enforce controlled access to input by setting the reference to the source data array to null.

In the default (strict) approach, a single argument is passed to the constructor - an array of data to filter. Unfiltered data may only be accessed through the getRaw() method:

<?php
// $_POST['email'] === 'webmaster@example.com'

// Filter the $_POST data array
require_once 'Zend/Filter/Input.php';
$filterPost = new Zend_Filter_Input($_POST);

// $_POST is now null
echo null === $_POST ? 'yes' : 'no'; // prints 'yes'

// Get the raw e-mail value
echo $filterPost->getRaw('email'); // prints 'webmaster@example.com'

Zend_Filter_Input sets the array that is passed ($_POST) to null, so direct access is no longer possible. (The raw data are only available through the getRaw() method, which is much easier to monitor and/or avoid altogether.)

In the optional (non-strict) approach, false is passed as the second argument to the constructor:

<?php
// $_POST['email'] === 'webmaster@example.com'

// Filter the $_POST data array
require_once 'Zend/Filter/Input.php';
$filterPost = new Zend_Filter_Input($_POST, false);

// $_POST remains not null
echo null === $_POST ? 'yes' : 'no'; // prints 'no'

// Get the raw e-mail value
echo $filterPost->getRaw('email'); // prints 'webmaster@example.com'

The use of the filter is exactly the same, but Zend_Filter_Input does not set the original array ($_POST) to null, so developers can still access it directly. This approach is discouraged in favor of the strict approach.

Zend_Filter_Input is designed primarily with arrays in mind. Many sources of input are already covered by PHP's superglobal arrays ($_GET, $_POST, $_COOKIE, etc.), and arrays are a common construct used to store input from other sources. If you need to filter a scalar, see Chapter 11, Zend_Filter.