Don't Trust Your Users
0 likes514 views
Chris Tankersley's presentation discusses the importance of data validation and filtering in PHP development. He emphasizes that client-side validation is not enough and server-side validation is crucial for ensuring data integrity. The talk also introduces various validation libraries and rules while encouraging developers to adopt best practices in handling user input.
![10
HTML5 Validation
<input type="email" required>
<input type="text" pattern="d{5}([-]d{4})?)">](https://image.slidesharecdn.com/donttrustyourusers-141030110108-conversion-gate02/85/Don-t-Trust-Your-Users-10-320.jpg)
Don't Trust Your Users
- 1. Don't Trust Your Users Chris Tankersley ZendCon 2014
- 2. 2 Who Am I? ● A PHP Developer for 10 Years ● Lots of projects no one uses, and a few some do ● https://github.com/dragonmantank
- 3. 3 Everyone Loves a Story http://northweststate.edu/about-nscc/
- 4. 4 Programming is Just Acronyms ● DRY – Don't Repeat Yourself ● KISS – Keep It Simple, Stupid ● IPO – Input, Process, Output
- 5. 5 GIGO – Garbage In, Garbage Out
- 6. 6 Users Are a Nice Big Family
- 7. 7 Some People Want To Watch The World Burn
- 8. 8 We Love Contact Forms
- 9. 9 Client Side Validation
- 10. 10 HTML5 Validation <input type="email" required> <input type="text" pattern="d{5}([-]d{4})?)">
- 11. 11 Browsers Suck http://caniuse.com/#search=required
- 12. 12 Server Side is Necessary http://cucher.iblogger.org/images/as400_family.jpg
- 13. 13 Filtering vs Validation
- 14. 14 Removes Unwanted 'Stuff'
- 15. 15 Filtering changes things https://www.flickr.com/photos/httpwwwflickrcompeoplenadar/3349883/sizes/l
- 16. 16 Filtering changes things
- 17. 17 Validation Judges Things
- 18. 18 Most Libraries Do Both
- 19. 19 PHP's Filter Module
- 20. 20 Some Background ● Enabled by default since 5.2.0 ● Provides both Validation and Filtering ● Very easy to use to work with data ● Exposed via the 7 basic functions
- 21. 21 Validation is Easy and Fun! <?php var_dump(filter_var('755', FILTER_VALIDATE_INT)); var_dump(filter_var('755.0', FILTER_VALIDATE_INT)); int(755) bool(false)
- 22. Basic Validation Out of the Box 22
- 23. 23 We can clean up data as well filter_var('ID 655', FILTER_SANITIZE_NUMBER_INT); string(3) '655'
- 24. 24 What can we clean up?
- 25. 25 What can we clean up?
- 26. 26 Manual Filters function myFilter($string) { return substr($string, 5); } $output = filter_var('This is my test string', FILTER_CALLBACK, array( 'options' => 'myFilter', ))); string(12) 'is my string'
- 27. 27 Does big jobs as well
- 28. 28 Aura.Filter
- 29. 29 Easy To Use
- 30. 30 Rule Types ● Soft Rules – Doesn’t Stop Validation Chain ● Hard Rules – Stop Validation Chain For This Element ● Stop Rules – Stop All Validation
- 31. 31 Validation and Filtering ● RuleCollection::IS – Must match the rule ● RuleCollection::IS_NOT – Must not match ● RuleCollection::IS_BLANK_OR – Must be blank or match ● RuleCollection::FIX – Sanitize The Data ● RuleCollection::FIX_IS_BLANK_OR – Fix if not blank
- 32. 32 Bundled Rules ● Alnum ● Alpha ● Between ● Blank ● Bool ● Credit Card ● DateTime ● Email ● Equal To Field ● Equal To Value ● Float ● In Array Keys ● In Array Values ● Int ● ipv4 ● Locale ● Max ● Min ● Regex ● Strict Equals ● String(length, min,max) ● Trim ● Upload ● Url
- 33. 33 Custom Rules ● Extend AuraFilterAbstractRule ● Implement validate() and sanitize() ● Add to the Rule Locator
- 34. 34 Check it out https://github.com/auraphp/Aura.Filter
- 35. 35 Use Your Framework's
- 36. 36 Zend Framework 2
- 37. 37 ZendValidator
- 38. 38 ZendValidator
- 39. 39 ZendValidator
- 42. Symfony2 Validator Read the docs - http://symfony.com/doc/current/book/validation.html 42
- 44. 44 Use with Forms
- 45. 45 Always Look First
- 46. 46 One Last Thing
- 47. 47 Validation is Hard
- 48. 48 Questions?
- 49. 49 Thanks! ● https://joind.in/talk/view/12063 ●@dragonmantank ● chris@ctankersley.com