
PHP Filters

Validating data = Determine if the data is in proper form.

Sanitizing data = Remove any illegal character from the data.


The PHP Filter Extension


PHP filters are used to validate and sanitize external input.


The filter_list() function can be used to list what the PHP filter extension offers:




Example


<!DOCTYPE html>
<html>
<head>
<style>
table, th, td {
  border: 1px solid black;
  border-collapse: collapse;
}
th, td {
  padding: 5px;
}
</style>
</head>
<body>

<table>
  <tr>
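    <td>Filter Name</td>
    <td>Filter ID</td>
  </tr>
  <?php
  // Print one table row per available filter: its name and numeric ID
  foreach (filter_list() as $id => $filter) {
    echo '<tr><td>' . $filter . '</td><td>' . filter_id($filter) . '</td></tr>';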
  }
  ?>
</table>

</body>
</html>







• Why Use Filters?


Many web applications receive external input. External input/data can be:

User input from a form
Cookies
Web services data
Server variables
Database query results



• PHP filter_var() Function


The filter_var() function both validates and sanitizes data.

The filter_var() function filters a single variable with a specified filter. It takes two pieces of data:


The variable you want to check

The type of check to use


• Sanitize a String


The following example uses the filter_var() function to remove all HTML tags from a string:



<!DOCTYPE html>
<html>
<body>

<?php
$str = "<h1>Hello World!</h1>";
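// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1;
// use htmlspecialchars() when escaping a string for HTML output.
$newstr = filter_var($str, FILTER_SANITIZE_STRING);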
echo $newstr;
?>

</body>
</html>

Output

Hello World!

• Validate an Integer


The following example uses the filter_var() function to check if the variable $int is an integer. If $int is an integer, the output of the code below will be: "Integer is valid". If $int is not an integer, the output will be: "Integer is not valid":



<!DOCTYPE html>
<html>
<body>

<?php
$int = 100;

// Compare with !== false so that 0 is also accepted as a valid integer
if (filter_var($int, FILTER_VALIDATE_INT) !== false) {
  echo("Integer is valid");
} else {
  echo("Integer is not valid");
}
?>

</body>
</html>

Output

Integer is valid

• Validate an IP Address


The following example uses the filter_var() function to check if the variable $ip is a valid IP address:



<!DOCTYPE html>
<html>
<body>

<?php
$ip = "127.0.0.1";

if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
  echo("$ip is a valid IP address");
} else {
  echo("$ip is not a valid IP address");
}
?>

</body>
</html>

Output

127.0.0.1 is a valid IP address

• Sanitize and Validate an Email Address


The following example uses the filter_var() function to first remove all illegal characters from the $email variable, then check if it is a valid email address:



<!DOCTYPE html>
<html>
<body>

<?php
$email = "john.doe@example.com";

// Remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);

// Validate e-mail
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
  echo("$email is a valid email address");
} else {
  echo("$email is not a valid email address");
}
?>

</body>
</html>

Output

john.doe@example.com is a valid email address

• Sanitize and Validate a URL


The following example uses the filter_var() function to first remove all illegal characters from a URL, then check if $url is a valid URL:



<!DOCTYPE html>
<html>
<body>

<?php
$url = "https://www.codelines.com";

// Remove all illegal characters from a url
$url = filter_var($url, FILTER_SANITIZE_URL);

// Validate url
if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
  echo("$url is a valid URL");
} else {
  echo("$url is not a valid URL");
}
?>

</body>
</html>

Output

https://www.codelines.com is a valid URL
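
The validation filters above can be combined into one check over a whole set of external inputs. The following is an added example, not part of the original tutorial: it compares every result with === false so that a legitimate 0 is accepted, restricts the integer to a range and the IP address to IPv4, and adds a scheme allowlist because FILTER_VALIDATE_URL accepts any scheme. The function name validate_request, the field names, the limits and the sample values are assumptions made for illustration.

```php
<?php
// Added example: validate several external inputs with filter_var().
// Field names, limits and sample values are constructed for illustration.
function validate_request(array $in): array
{
    $rules = [
        // 0 is a legitimate quantity, so results are tested with === false.
        'qty'   => [FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 100]]],
        'ip'    => [FILTER_VALIDATE_IP, FILTER_FLAG_IPV4],
        'email' => [FILTER_VALIDATE_EMAIL, 0],
        'url'   => [FILTER_VALIDATE_URL, 0],
    ];
    $clean = [];
    $errors = [];
    foreach ($rules as $field => [$filter, $options]) {
        // A missing field becomes null, which every validation filter rejects.
        $value = filter_var($in[$field] ?? null, $filter, $options);
        if ($value === false) {
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    // FILTER_VALIDATE_URL does not restrict the scheme: allow only http(s).
    if (isset($clean['url'])) {
        $scheme = strtolower((string) parse_url($clean['url'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            unset($clean['url']);
            $errors[] = 'url';
        }
    }
    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed sample requests: the first passes every check, the second fails each one.
$samples = [
    ['qty' => '0', 'ip' => '127.0.0.1', 'email' => 'john.doe@example.com', 'url' => 'https://www.example.com/'],
    ['qty' => '101', 'ip' => '::1', 'email' => 'john.doe@', 'url' => 'ftp://example.com/file'],
];
foreach ($samples as $sample) {
    echo json_encode(validate_request($sample)), PHP_EOL;
}
```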