PHP Filters are used to determine if the data is valid or not and it also removes if used any illegal data is present.
Many functions are depicted by PHP filters to check the input given by the user which makes the form validation easier. To check this list of functions, use filter_list() function.
Example
Below is the php code that shows the list of PHP Filter functions.
[php]
<!DOCTYPE html>
<html>
<body>
<table>
<tr>
<td>Filter Name</td>
<td>Filter ID</td>
</tr>
<?php
foreach (filter_list() as $id =>$filter) {
echo '<tr>
<td>' .$filter. '</td>
<td>' .filter_id($filter). '</td>
</tr>';
}
?>
</table>
</body>
</html>
[/php]
Output:
[html]
Filter Name Filter ID
int 257
boolean 258
float 259
validate_regexp 272
validate_url 273
validate_email 274
validate_ip 275
validate_mac 276
string 513
stripped 513
encoded 514
special_chars 515
full_special_chars 522
unsafe_raw 516
email 517
url 518
number_int 519
number_float 520
magic_quotes 521
callback 1024
[/html]
Sanitizing a String
Example
Sanitizing is removing unwanted characters from the given data. Below is an example that removes the script tags assigned inside the string.
[php]
<!DOCTYPE html>
<html>
<body>
<?php
$str="<script>\"SPLessons PHP Tutorial\"</script>";
echo filter_var($str,FILTER_SANITIZE_STRING,FILTER_FLAG_NO_ENCODE_QUOTES);
/*
OUTPUT
"SPLessons PHP Tutorial"
*/
?>
</body>
</html>
[/php]
Output:
[html]"SPLessons PHP Tutorial"[/html]
Validating Integer values
Example
In the below example, filter_var() function is used to filter out a value that is saved in a variable. It has parameters as the variables to be filtered, the filter used to validate/sanitize the variable, options/flags.
[php]
<!DOCTYPE html>
<html>
<body>
<?php
$no=67;
$min=10;
$max=100;
echo filter_var($no,FILTER_VALIDATE_INT,array("options"=>array("min_range"=>$min,"max_range"=>$max)));
?>
</body>
</html>
[/php]
Output: 67
Sanitize and Validate an Email Address
Example
Below example utilizes the filter_var() function to initially delete all illegal characters from the variable $email, then verify if it is a valid email address.
[php]
<!DOCTYPE html>
<html>
<body>
<?php
$email1 = "hello world";
$email2 = "splessons@gmail.com";
// Remove all illegal characters from email
$email1 = filter_var($email1, FILTER_SANITIZE_EMAIL);
$email2 = filter_var($email2, FILTER_SANITIZE_EMAIL);
// Validate e-mail1
if (!filter_var($email1, FILTER_VALIDATE_EMAIL) === false) {
echo("$email1 is a valid email address");
} else {
echo("$email1 is not a valid email address<br>");
}
// Validate e-mail2
if (!filter_var($email2, FILTER_VALIDATE_EMAIL) === false) {
echo("$email2 is a valid email address");
} else {
echo("$email2 is not a valid email address");
}
?>
</body>
</html>
[/php]
Output:
[php]
helloworld is not a valid email address
splessons@gmail.com is a valid email address
[/php]
Sanitize and Validate a URL
Example
Below example utilizes the filter_var() function to initially delete all illegal characters from the variable $url, then verify if it is a valid URL.
[php]
<!DOCTYPE html>
<html>
<body>
<?php
$url1 = "http://www.splessons.com";
$url2 = "splessons.com";
// Remove all illegal characters from a url
$url1 = filter_var($url1, FILTER_SANITIZE_URL);
$url2 = filter_var($url2, FILTER_SANITIZE_URL);
// Validate url1
if (!filter_var($url1, FILTER_VALIDATE_URL) === false) {
echo("$url1 is a valid URL<br>");
} else {
echo("$url1 is not a valid URL");
}
// Validate url2
if (!filter_var($url2, FILTER_VALIDATE_URL) === false) {
echo("$url2 is a valid URL");
} else {
echo("$url2 is not a valid URL");
}
?>
</body>
</html>
[/php]
Output:
[php]
http://www.splessons.com is a valid URL
splessons.com is not a valid URL
[/php]
Summary
Key Points
filter_list() function gives the list of filter functions.
filter_var() function is used to filter out a value that is saved in a variable.