PHP Filters

By SamK

PHP filters are tools that help validate and sanitize external input efficiently. The PHP filter extension provides numerous functions for checking and processing user input, making data validation faster and more straightforward.

Sources of external input may include:

  • Form submission data
  • Cookies
  • Database query results
  • Server variables
  • Data from web services

The filters available in the PHP filter extension are:

  • int
  • boolean
  • float
  • validate_regexp
  • validate_domain
  • validate_url
  • validate_email
  • validate_ip
  • validate_mac
  • string
  • stripped
  • encoded
  • special_chars
  • full_special_chars
  • unsafe_raw
  • email
  • url
  • number_int
  • number_float
  • add_slashes
  • callback

PHP filter_var() Function

The filter_var() function can be used to both validate and sanitize data.

This function filters a single variable based on a specified filter and requires two main inputs:

  • The variable to be checked
  • The type of filter to apply

An optional third parameter supplies options or flags for the chosen filter.

Sanitize a String

The example below demonstrates how the filter_var() function can be used to strip all HTML tags from a string.

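<?php
$str = "<h1>Hello PHP!</h1>";
// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.0;
// the PHP manual recommends htmlspecialchars() instead.
$newstr = filter_var($str, FILTER_SANITIZE_STRING);
echo $newstr;
/*
Output:
Hello PHP!
*/
?>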

Validate an Integer

In the example below, the filter_var() function checks whether the variable $int is an integer and within the specified range.

<?php
$int = 90;
// Validate if the value is a valid integer within the range 10-100
$options = array(
    "options" => array(
        "min_range" => 10,
        "max_range" => 100
    )
);
// Compare strictly with false: a valid integer 0 would fail a plain truthiness test
if (filter_var($int, FILTER_VALIDATE_INT, $options) !== false) {
    echo "The integer is valid and within the range.";
} else {
    echo "The integer is not valid or out of range.";
}
/*
Output:
The integer is valid and within the range.
*/
?>

Validate an IP Address

In the example below, the filter_var() function checks whether the variable $ip_address contains a valid IP address.

<?php
$ip_address = "300.300.300.300";  // Invalid IP address
if (filter_var($ip_address, FILTER_VALIDATE_IP) !== false) {
    echo "$ip_address is a valid IP address.";
} else {
    echo "$ip_address is not a valid IP address.";
}
/*
Output:
300.300.300.300 is not a valid IP address.
*/
?>

Validate an IPv6 Address

The example below demonstrates how to use the filter_var() function to verify whether the variable $ip contains a valid IPv6 address.

<?php
$ip = "2001:db8::abcd"; // Valid IPv6 address
// Validate $ip as IPv6
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
  echo("$ip is a valid IPv6 address");
} else {
  echo("$ip is not a valid IPv6 address");
}
/*
Output:
2001:db8::abcd is a valid IPv6 address
*/
?>

Sanitize and Validate an Email Address

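The example below demonstrates how to use the filter_var() function to first sanitize an email address by removing any illegal characters, and then check if it is a valid email address. Because sanitization changes the value, the address that passes validation can differ from the one that was submitted, so use the sanitized value from that point on.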

<?php
$email = "info@ example.com"; // Original email
$sanitizedEmail = filter_var($email, FILTER_SANITIZE_EMAIL);
if (filter_var($sanitizedEmail, FILTER_VALIDATE_EMAIL)) {
    echo "$sanitizedEmail is a valid email address after sanitization.";
} else {
    echo "$sanitizedEmail is not a valid email address.";
}
/*
Output:
info@example.com is a valid email address after sanitization.
*/
?>

Sanitize and Validate a URL

The example below demonstrates how to use the filter_var() function to first sanitize a URL by removing any illegal characters, and then check if it is a valid URL.

<?php
$url = "https://www.webmastermaze.com"; // Original URL
$sanitizedURL = filter_var($url, FILTER_SANITIZE_URL); // Sanitized URL
if (filter_var($sanitizedURL, FILTER_VALIDATE_URL)) {
  echo "$sanitizedURL is a valid URL after sanitization.";
} else {
  echo "$sanitizedURL is not a valid URL after sanitization.";
}
/*
Output:
https://www.webmastermaze.com is a valid URL after sanitization.
*/
?>

QueryString Validation

The example below demonstrates how to use the filter_var() function to determine whether the variable $url is a valid URL that includes a query string.

<?php
$url = "https://www.example.com/path?name=value&age=30";  // URL with a query string

// Validate the URL and check if it contains a query string
if (filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED) !== false) {
   echo "$url is a valid URL with a query string.";
} else {
   echo "$url is not a valid URL with a query string.";
}

/*
Output:
https://www.example.com/path?name=value&age=30 is a valid URL with a query string.
*/
?>
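
The examples above each check one value that is truthy when valid. As an added example (not code from the original page), the function below uses filter_var() with its third parameter on a constructed, $_POST-shaped array and compares every result strictly, so a legitimate 0 or false is not rejected. The function name validate_input, the field names and the sample values are assumptions.

```php
<?php
// Added example, not from the original page; field names and values are constructed.

/** Validate a $_POST-shaped array; returns [clean values, names of rejected fields]. */
function validate_input(array $in): array
{
    $clean = [];
    $errors = [];

    // Range includes 0, so compare with === false; a truthiness test would reject 0.
    $qty = filter_var($in['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 100]]);
    if ($qty === false) { $errors[] = 'quantity'; } else { $clean['quantity'] = $qty; }

    // FILTER_NULL_ON_FAILURE returns null for non-boolean text, keeping false a valid result.
    $sub = filter_var($in['subscribe'] ?? null, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    if ($sub === null) { $errors[] = 'subscribe'; } else { $clean['subscribe'] = $sub; }

    // Flags narrow the IP filter: reject private and reserved ranges.
    $ip = filter_var($in['ip'] ?? '', FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    if ($ip === false) { $errors[] = 'ip'; } else { $clean['ip'] = $ip; }

    // FILTER_VALIDATE_URL checks syntax only; allow-list the scheme separately.
    $url = filter_var($in['website'] ?? '', FILTER_VALIDATE_URL);
    $scheme = $url === false ? '' : strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (in_array($scheme, ['http', 'https'], true)) { $clean['website'] = $url; } else { $errors[] = 'website'; }

    return [$clean, $errors];
}

// Constructed sample input (form values arrive as strings).
[$clean, $errors] = validate_input([
    'quantity'  => '0',                                  // legitimate zero
    'subscribe' => 'off',                                // legitimate false
    'ip'        => '192.168.1.10',                       // private-range address
    'website'   => 'ftp://files.example.com/report',     // well-formed, but not http(s)
]);

var_dump($clean);
print_r($errors);
```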
