The PHP development team has announced the immediate release of PHP 5.2.0. This release is a major improvement in the 5.X series, which includes a large number of new features, bug fixes and security enhancements.
Further details about this release can be found in the release announcement 5.2.0, and the full list of changes is available in the ChangeLog PHP 5.
To me, one of the most important thing that come with this new release is the addition of input filtering extension which enabled by default. If you have no idea about this extension then you should take a look at this tutorial from Zend developer zone.
For many years, unlike any other languages, PHP did not have any standards functions to filter out data from external world (like cgi or perl). You’d likely have to write additional codes yourself to do this. So this input filter
extension which for some time sit in PECL package surely makes our lives easier.
As an illustration, this is what you’d do to make sure that only integer is passed by query string,
if (isset($_GET['mode'])) { if (!is_numeric($_GET['mode'])) { echo "The 'mode' argument must be a valid integer."; exit(); } $mode = (int)$_GET['mode']; } else { echo "The 'mode' argument is missing."; exit(); }
This is what you can do using filter extension,
$mode = filter_input(INPUT_GET, 'mode', FILTER_VALIDATE_INT); if (is_null($mode)) { echo "The 'mode' argument is missing."; exit(); } elseif ($mode === false) { echo "The 'mode' argument must be a valid integer."; exit(); } else { echo "mode is: $mode."; }
Of course there are other filter you can use, like filtering URL, Email or IP. All are described in its manual.