PHP Filters

Validating data = Determine if the data is in proper form. Sanitizing data = Remove any illegal character from the data.

The PHP Filter Extension

PHP filters are used to validate and sanitize external input. The PHP filter extension has many of the functions needed for checking user input, and is designed to make data validation easier and quicker. The filter_list() function can be used to list what the PHP filter extension offers:

Example -

<head> <style> table, th, td { border: 1px solid black; border-collapse: collapse; } th, td { padding: 5px; } </style> </head> <body> <table> <tr> <td>Filter Name</td> <td>Filter ID</td> </tr> <?php foreach (filter_list() as $id =>$filter) { echo '<tr><td>' . $filter . '</td><td>' . filter_id($filter) . '</td></tr>'; } ?> </table> </body> </html>

Run Example

PHP filter_var() Function

The filter_var() function both validate and sanitize data. The filter_var() function filters a single variable with a specified filter. It takes two pieces of data:

The variable you want to check

The type of check to use

Sanitize a String

The following example uses the filter_var() function to remove all HTML tags from a string:

Example -

<?php $str = "<h1>Hello World!</h1>"; $newstr = filter_var($str, FILTER_SANITIZE_STRING); echo $newstr; ?>

Run Example

Validate an Integer

Example -

<?php $int = 100; if (!filter_var($int, FILTER_VALIDATE_INT) === false) { echo("Integer is valid"); } else { echo("Integer is not valid"); } ?>

Run Example

Validate an IP Address

The following example uses the filter_var() function to check if the variable $ip is a valid IP address:

Example -

<?php $ip = "127.0.0.1"; if (!filter_var($ip, FILTER_VALIDATE_IP) === false) { echo("$ip is a valid IP address"); } else { echo("$ip is not a valid IP address"); } ?>

Run Example

Sanitize and Validate an Email Address

The following example uses the filter_var() function to first remove all illegal characters from the $email variable, then check if it is a valid email address:

Example -

<?php $email = "user@example.com"; // Remove all illegal characters from email $email = filter_var($email, FILTER_SANITIZE_EMAIL); // Validate e-mail if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) { echo("$email is a valid email address"); } else { echo("$email is not a valid email address"); } ?>

Run Example