Inspekt is a PHP library that makes it easier to write secure web applications, and released under New BSD License. Inspekt acts as a sort of ‘firewall’ API between user input and the rest of the application. It takes PHP superglobal arrays, encapsulates their data in an “cage” object, and destroys the original superglobal. Data can then be retrieved from the input data object using a variety of accessor methods that apply filtering, or the data can be checked against validation methods. Raw data can only be accessed via a ‘getRaw()’ method, forcing the developer to show clear intent.

Inspekt is built upon Chris Shiflett’s original Zend_Filter_Input component (now deprecated) from the Zend Framework. Main features include :

  • ‘Cage’ objects that encapsulate input and require the coder to use the provided filtering and validation methods to access input data
  • Automatic application of filtering as defined in a configuration file
  • A library of static filtering and validation methods
  • A simple, clear API
  • No external dependencies

A sample usage of Inspekt :