6 PHP Filters You Must Know. With Examples

Posted by TotalDC

We are successfully continuing our PHP tutorial series. In this article I will present 6 PHP filters you must know for user input validation.

Validating And Sanitizing Data With PHP Filters

Sanitizing and validating user input is one of the most common tasks when building a website. To make it easier, PHP provides filters that you can use to sanitize or validate email addresses, URLs, IP addresses, and more.

To validate data using filters you need to use PHP’s filter_var() function. The syntax of this function looks like this:

filter_var(variable, filter, options)

This function takes three parameters, of which the last two are optional. The first parameter is the value you want to sanitize or validate, the second is the ID of the filter to apply, and the third is an array of options (or a flag constant) for that filter. On success it returns the filtered value; on failure it returns false.

Sanitize A String In PHP

The following example sanitizes the string by removing all HTML tags from it:

<?php
// Sample comment
$comment = "<h1>This is a random comment from user</h1>";
 
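// Sanitize and print comment string.
// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; on current versions
// use strip_tags() or escape with htmlspecialchars() when printing instead.
$sanitizedComment = filter_var($comment, FILTER_SANITIZE_STRING);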
print $sanitizedComment;
?>

Result:

This is a random comment from user

Validation Of PHP Integer Values

The following example will check if the value is an integer or not:

<?php
// Sample integer value
$int = 0;
 
// Validate sample integer value.
// filter_var() returns false on failure, so compare strictly: a valid 0 is falsy.
if(filter_var($int, FILTER_VALIDATE_INT) !== false){
    print "The <b>$int</b> is a valid integer";
} else{
    print "The <b>$int</b> is not a valid integer";
}
?>

Validate PHP Integer Within Given Range

In the following example, you will see how to validate whether the value is an integer or not and if it lies within the given range, in this example 0 to 100:

<?php
// Sample integer value
$int = 75;
 
// Validate sample integer value.
// Compare with !== false so that 0, which is inside the range, is not rejected.
if(filter_var($int, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0,"max_range" => 100))) !== false){
    print "The <b>$int</b> is within the range of 0 to 100";
} else{
    print "The <b>$int</b> is not within the range of 0 to 100";
}
?>

Validate IP Address With PHP

The following example will check whether the value is a valid IP address or not:

<?php
// Sample IP address
$ip = "172.16.254.1";
 
// Validate sample IP address
if(filter_var($ip, FILTER_VALIDATE_IP)){
    print "The <b>$ip</b> is a valid IP address";
} else {
    print "The <b>$ip</b> is not a valid IP address";
}
?>

You can restrict validation to IPv4 or IPv6 with the FILTER_FLAG_IPV4 and FILTER_FLAG_IPV6 flags, as shown in this example:

<?php
// Sample IP address
$ip = "172.16.254.1";
 
// Validate sample IP address
if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)){
    print "The <b>$ip</b> is a valid IPV6 address";
} else {
    print "The <b>$ip</b> is not a valid IPV6 address";
}
?>

Sanitize And Validate Email Addresses With PHP

The following example shows how to sanitize and validate an email address by removing all invalid characters from the email address string:

<?php
// Sample email address
$email = "random@@example.com";
 
// Remove all illegal characters from email
$sanitizedEmail = filter_var($email, FILTER_SANITIZE_EMAIL);
 
// Validate email address (strict comparison avoids type juggling)
if($email === $sanitizedEmail && filter_var($email, FILTER_VALIDATE_EMAIL) !== false){
    print "The $email is a valid email address";
} else{
    print "The $email is not a valid email address";
}
?>

Sanitize And Validate URLs In PHP

In the following example you will see how to sanitize and validate the URL:

<?php
// Sample website url
$url = "http:://www.example.com";
 
// Remove all illegal characters from url
$sanitizedUrl = filter_var($url, FILTER_SANITIZE_URL);
 
// Validate website url (strict comparison avoids type juggling)
if($url === $sanitizedUrl && filter_var($url, FILTER_VALIDATE_URL) !== false){
    print "The $url is a valid website url";
} else{
    print "The $url is not a valid website url";
}
?>

You can also check whether the URL contains a query string by using the FILTER_FLAG_QUERY_REQUIRED flag:

<?php
// Sample website url
$url = "http://www.example.com?topic=filters";
 
// Validate website url for query string
if(filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED)){
    print "The <b>$url</b> contains query string";
} else{
    print "The <b>$url</b> does not contain query string";
}
?>
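
The filters above combined into one input check, as an added example that is not part of the original article. It goes beyond the single-value snippets by handling the false-versus-0 return value, restricting URLs to http and https, and escaping on output; validate_profile() and the field names are hypothetical, and the sample input is constructed.

```php
<?php
// Added example: validate_profile() and the field names are hypothetical.
function validate_profile(array $input): array
{
    // One filter per field, with its options or flags in the array form filter_var() accepts.
    $rules = [
        'age'     => [FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 100]]],
        'email'   => [FILTER_VALIDATE_EMAIL, []],
        'website' => [FILTER_VALIDATE_URL, []],
        'ip'      => [FILTER_VALIDATE_IP, ['flags' => FILTER_FLAG_IPV4]],
    ];
    $clean = [];
    $errors = [];
    foreach ($rules as $field => [$filter, $options]) {
        $value = filter_var($input[$field] ?? null, $filter, $options);
        // Failure is exactly false; a valid 0 is falsy but must be accepted.
        if ($value === false) {
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    // FILTER_VALIDATE_URL accepts schemes other than http and https, so allow-list them.
    if (isset($clean['website'])) {
        $scheme = strtolower((string) parse_url($clean['website'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            unset($clean['website']);
            $errors[] = 'website';
        }
    }
    return [$clean, $errors];
}

// Constructed sample input, as it might arrive in $_POST.
$sample = [
    'age'     => '0',
    'email'   => 'random@@example.com',
    'website' => 'ftp://example.com/file',
    'ip'      => '172.16.254.1',
];
[$clean, $errors] = validate_profile($sample);

// Escape on output: a validated value is still not safe to print into HTML as-is.
foreach ($clean as $field => $value) {
    print htmlspecialchars("$field: $value", ENT_QUOTES, 'UTF-8') . "<br>\n";
}
print 'Rejected: ' . htmlspecialchars(implode(', ', $errors), ENT_QUOTES, 'UTF-8');
?>
```

With this sample, age and ip are accepted, while email and website are rejected.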