Validating data = Determine whether the data is in the proper form.
Sanitizing data = Remove any illegal characters from the data.
PHP filters are used to validate and sanitize external input.
The PHP filter extension has many of the functions needed to check user input, and is designed to make data validation easier and faster.
The filter_list() function can be used to list what the PHP filter extension offers:
<table>
<tr>
<td>Filter Name</td>
<td>Filter ID</td>
</tr>
<?php
foreach (filter_list() as $id =>$filter) {
echo '<tr><td>' . $filter . '</td><td>' . filter_id($filter) . '</td></tr>';
}
?>
</table>
Many web applications receive external inputs. External inputs / data can be:
You should always verify external data!
Invalid submitted data can lead to security issues and break your webpage!
By using PHP filters you can make sure your app gets the right input!
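The filter_var() function both validates and sanitizes data.
The filter_var() function filters a single variable with a specified filter. It takes two pieces of data: the variable to check and the filter to apply.
The following example uses the filter_var() function to remove all HTML tags from a string. Note that FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; when the goal is safe output into HTML, escape the value with htmlspecialchars() instead: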
<?php
$str = "<h1>Hello World!</h1>";
$newstr = filter_var($str, FILTER_SANITIZE_STRING);
echo $newstr;
?>
The following example uses the filter_var() function to check whether the variable $int is an integer. If $int is an integer, the output of the code below will be: "Integer is valid". If $int is not an integer, the output will be: "Integer is not valid":
<?php
$int = 100;
if (!filter_var($int, FILTER_VALIDATE_INT) === false) {
echo("Integer is valid");
} else {
echo("Integer is not valid");
}
?>
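In the example above, if $int was set to 0, the code would output "Integer is not valid". This happens because filter_var() returns the validated value 0, and !0 evaluates to true, so the comparison with false fails. To resolve this issue, use the code below: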
<?php
$int = 0;
if (filter_var($int, FILTER_VALIDATE_INT) === 0 || !filter_var($int, FILTER_VALIDATE_INT) === false) {
echo("Integer is valid");
} else {
echo("Integer is not valid");
}
?>
The following example uses the filter_var() function to check whether the variable $ip is a valid IP address:
<?php
$ip = "127.0.0.1";
if (!filter_var($ip, FILTER_VALIDATE_IP) === false) {
echo("$ip is a valid IP address");
} else {
echo("$ip is not a valid IP address");
}
?>
The following example uses the filter_var() function to first remove all illegal characters from the $email variable, and then check whether it is a valid email address:
<?php
$email = "john.doe@example.com";
// Remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
// Validate e-mail
if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
echo("$email is a valid email address");
} else {
echo("$email is not a valid email address");
}
?>
The following example uses the filter_var() function to first remove all illegal characters from a URL, and then check whether $url is a valid URL:
<?php
$url = "https://www.w3schools.com";
// Remove all illegal characters from a url
$url = filter_var($url, FILTER_SANITIZE_URL);
// Validate url
if (!filter_var($url, FILTER_VALIDATE_URL) === false) {
echo("$url is a valid URL");
} else {
echo("$url is not a valid URL");
}
?>
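The validations above can be written with a strict `!== false` comparison, which handles the 0 case without a special branch. The following is an added example, not part of the original tutorial; the function names validInt, validPublicIp and validHttpUrl and the sample inputs are constructed for illustration. It goes slightly beyond the examples above by adding a range check, IP range flags and a scheme allowlist.

```php
<?php
// Added example: strict-comparison validators built on filter_var().
// Function names and sample inputs are constructed for illustration.

// Returns the integer, or null when the input is not an integer in range.
function validInt($value, int $min, int $max): ?int {
    $result = filter_var($value, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    // Compare with !== false so that a valid 0 is not treated as a failure.
    return $result !== false ? $result : null;
}

// Returns the address, or null for invalid, private or reserved addresses.
function validPublicIp($value): ?string {
    $result = filter_var($value, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    return $result !== false ? $result : null;
}

// Returns the URL, or null unless it is well-formed and uses http or https.
function validHttpUrl($value): ?string {
    $result = filter_var($value, FILTER_VALIDATE_URL);
    if ($result === false) {
        return null;
    }
    // FILTER_VALIDATE_URL checks syntax only, so restrict the scheme here.
    $scheme = strtolower((string) parse_url($result, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $result : null;
}

// Constructed sample inputs, as they might arrive from a form.
foreach (["0", "100", "121", "12abc"] as $age) {
    echo "age '$age': ";
    var_dump(validInt($age, 0, 120));
}
foreach (["127.0.0.1", "10.0.0.5", "93.184.216.34", "999.1.1.1"] as $ip) {
    echo "ip '$ip': ";
    var_dump(validPublicIp($ip));
}
foreach (["https://www.w3schools.com", "ftp://example.com/file", "not a url"] as $url) {
    echo "url '$url': ";
    var_dump(validHttpUrl($url));
}
?>
```

Each helper returns null on failure, so callers can test the result with `=== null` and never confuse a valid 0 with a rejected value.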