6 PHP Filters You Must Know. With Examples
Posted by TotalDC
We are successfully continuing our PHP tutorial series. In this article I will present 6 PHP filters you must know for user input validation.
Validating And Sanitizing Data With Filters
Sanitizing and validating user input is one of the most common tasks when building a website. To make it easier, PHP provides filters that you can use to sanitize or validate email addresses, URLs, IP addresses and more.
To validate data using filters you need to use PHP's filter_var() function. The syntax of this function looks like this:
filter_var(variable, filter, options)
This function takes three parameters, of which the last two are optional. The first parameter is the value you want to sanitize or validate, the second is the ID of the filter to apply, and the third is the array of options related to the filter.
Sanitize A String
The following example sanitizes the string by removing all HTML tags from it:
<?php
// Sample comment
$comment = "<h1>This is a random comment from user</h1>";
// Sanitize and print comment string
// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1;
// use htmlspecialchars() when the goal is safe HTML output
$sanitizedComment = filter_var($comment, FILTER_SANITIZE_STRING);
print $sanitizedComment;
?>
Result:
This is a random comment from user
Validation Of Integer Values
The following example checks whether a value is an integer:
<?php
// Sample integer value
$int = 0;
// Validate sample integer value
// filter_var() returns the integer on success and false on failure,
// so compare with !== false to accept a valid 0
if(filter_var($int, FILTER_VALIDATE_INT) !== false){
    print "The <b>$int</b> is a valid integer";
} else{
    print "The <b>$int</b> is not a valid integer";
}
?>
Validate Integer Within Given Range
In the following example you will see how to validate whether the value is an integer or not and if it lies within the given range, in this example 0 to 100:
<?php
// Sample integer value
$int = 75;
// Validate sample integer value
// Compare with !== false so that 0, which is inside the range, is accepted
if(filter_var($int, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0,"max_range" => 100))) !== false){
    print "The <b>$int</b> is within the range of 0 to 100";
} else{
    print "The <b>$int</b> is not within the range of 0 to 100";
}
?>
Validate IP Address
The following example checks whether a value is a valid IP address:
<?php
// Sample IP address
$ip = "172.16.254.1";
// Validate sample IP address
if(filter_var($ip, FILTER_VALIDATE_IP)){
    print "The <b>$ip</b> is a valid IP address";
} else {
    print "The <b>$ip</b> is not a valid IP address";
}
?>
You can restrict validation to IPv4 or IPv6 addresses, as shown in this example with FILTER_FLAG_IPV6:
<?php
// Sample IP address
$ip = "172.16.254.1";
// Validate sample IP address
if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)){
    print "The <b>$ip</b> is a valid IPV6 address";
} else {
    print "The <b>$ip</b> is not a valid IPV6 address";
}
?>
Sanitize And Validate Email Addresses
The following example shows how to sanitize an email address by removing all invalid characters from the string and then validate it:
<?php
// Sample email address
$email = "random@@example.com";
// Remove all illegal characters from email
$sanitizedEmail = filter_var($email, FILTER_SANITIZE_EMAIL);
// Validate email address
// The strict comparison rejects input that sanitization had to change
if($email === $sanitizedEmail && filter_var($email, FILTER_VALIDATE_EMAIL)){
    print "The $email is a valid email address";
} else{
    print "The $email is not a valid email address";
}
?>
Sanitize And Validate URLs
The following example shows how to sanitize and validate a URL:
<?php
// Sample website url
$url = "http:://www.example.com";
// Remove all illegal characters from url
$sanitizedUrl = filter_var($url, FILTER_SANITIZE_URL);
// Validate website url
// The strict comparison rejects input that sanitization had to change
if($url === $sanitizedUrl && filter_var($url, FILTER_VALIDATE_URL)){
    print "The $url is a valid website url";
} else{
    print "The $url is not a valid website url";
}
?>
You can also check whether a URL contains a query string by using the FILTER_FLAG_QUERY_REQUIRED flag:
<?php
// Sample website url
$url = "http://www.example.com?topic=filters";
// Validate website url for query string
if(filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED)){
    print "The <b>$url</b> contains query string";
} else{
    print "The <b>$url</b> does not contain query string";
}
?>
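The filters above combined into one form-validation routine, as an added example that is not code from the original article; validateSignup(), the field names and the sample input are hypothetical. It tests validator results with === false so that a valid 0 is accepted, and allow-lists URL schemes because FILTER_VALIDATE_URL checks syntax only.

```php
<?php
// Added example: validateSignup() and the field names are hypothetical.
function validateSignup(array $input): array
{
    $clean = [];
    $errors = [];
    // Validators return the value on success and false on failure, so test
    // with === false; a plain if() would reject a valid age of 0.
    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 100]]);
    if ($age === false) {
        $errors['age'] = 'must be an integer from 0 to 100';
    } else {
        $clean['age'] = $age; // an int now, not the raw string
    }

    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'is not a valid email address';
    } else {
        $clean['email'] = $email;
    }

    // FILTER_VALIDATE_URL checks syntax only and accepts any scheme,
    // so allow-list the schemes the application expects.
    $url = filter_var($input['website'] ?? '', FILTER_VALIDATE_URL);
    $scheme = $url === false ? '' : strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $errors['website'] = 'must be an http or https URL';
    } else {
        $clean['website'] = $url;
    }

    return [$clean, $errors];
}

// Constructed sample input, as it would arrive in $_POST (all strings).
[$clean, $errors] = validateSignup([
    'age'     => '0',
    'email'   => 'random@@example.com',
    'website' => 'ftp://www.example.com',
]);
// Escape values on output: passing validation does not make them HTML-safe.
foreach ($clean as $field => $value) {
    print htmlspecialchars("$field: $value", ENT_QUOTES, 'UTF-8') . "\n";
}
foreach ($errors as $field => $message) {
    print "$field $message\n";
}
```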