PHP Filters


Validating data = Check to see that the data is in a suitable format.

Sanitizing data = Remove any special characters which is not related to input data format.

You can also search for these topics, filter in php, php filter function, filter the list in php, use of php filter, php filter array of object, php filter array by value, php filter validate data, php filter sanitize data.

The PHP Filter Extension

The validate and sanitize of external input are done via PHP filters.

Many of the functions needed for verifying user input are included in the PHP filter extension, which is meant to make data validation easier and faster.

Example :- The filter_list() function can be used to display a list of the PHP filter extension's available options :

<!DOCTYPE html>
<html>
<body>

<table>
  <tr>
    <th>Filter Name</th>
    <th>Filter ID</th>
  </tr>
  <?php
  foreach (filter_list() as $id =>$filter) {
    echo '<tr><td>' . $filter . '</td><td>' . filter_id($filter) . '</td></tr>';
  }
  ?>
</table>

</body>
</html>

Output :-

Filter Name Filter ID
int257
boolean258
float259
validate_regexp272
validate_domain277
validate_url273
validate_email274
validate_ip275
validate_mac276
string513
stripped513
encoded514
special_chars515
full_special_chars522
unsafe_raw516
email517
url518
number_int519
number_float520
magic_quotes521
callback1024

You can also search for these topics, php filter file extension, filter extension in php example, php filter _var extension, default php extension function, php extension filter by pass.

Why Use Filters

Many web apps take input from the outside world. External data/input is possible :

  • User input from a form
  • Cookies
  • Web services data
  • Server variables
  • Database query results

External data should always be validated!

Inaccurate data submitted may cause security issues and crash your website!

You can ensure that your application receives the correct input by utilizing PHP filters!

You can also search for these topics, what is the use of php filters, why use filters in php, php input/data use filters, php filter validate external data, filters using php.

PHP filter_var() Function

Data is validate and sanitize using the filter_var() function.

A single variable with a specific filter is filtered by the filter_var() function.

It takes two pieces of data :

  • You're looking for a variable to test.
  • What form of check should you use?
You can also search for these topics, php filter_var() function, php validate function, php filter_var pieces of data, working of php filter_var function, use of php filter_var function.

Sanitize a String

The FILTER_SANITIZE_STRING option is used to remove any HTML tags and entities from the given input.

Example :-

<?php
$str = "<h1>Hello World!</h1>";
$newstr = filter_var($str, FILTER_SANITIZE_STRING);
echo $newstr;
?>

Output :-

Hello World!

You can also search for these topics, php sanitize a string, sanitize a string using php, php clean a string, php sanitize a string example, sanitize a string function in php.

Remove Characters With ASCII Value > 127

The FILTER_FLAG_STRIP_HIGH flag is used to remove any characters which have ASCII value greater than 127.

Example :- In this example, a string can be sanitized with filter_var(). Both HTML Tags and ASCII value > 127 characters will be deleted from the string :

<?php
// Variable to check
$str = "<h1>Hello WorldÆØÅ!</h1>";

// Remove HTML tags and all characters with ASCII value > 127
$newstr = filter_var($str, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
echo $newstr;
?>

Output :-

Hello World!

You can also search for these topics, php remove characters with ascii value>127, filter_var function to remove a character in php, Example for php remove characters with ascii value>127, how to sanitize a characters with ascii value use php.

Validate an Integer

The FILTER_VALIDATE_INT option is used to check whether a given input is interger or not.

Example :- The following example to determine whether the variable $x is an integer or not.

<?php
$x = 100;

if (!filter_var($x, FILTER_VALIDATE_INT) === false) {
  echo("x is integer");
} else {
  echo("x is not integer");
}

echo "<br />";

$y = 5.67;

if (!filter_var($y, FILTER_VALIDATE_INT) === false) {
  echo("y is integer");
} else {
  echo("y is not integer");
}

Output :-

x is integer
y is not integer

Tip: filter_var() and Problem With 0

The filter_var() function consider "0" is not an integer value.

Example :- Use the following code to solve this problem with "0":

<?php
$int = 0;

if (filter_var($int, FILTER_VALIDATE_INT) === 0 || !filter_var($int, FILTER_VALIDATE_INT) === false) {
  echo("Integer is valid");
} else {
  echo("Integer is not valid");
}
?>

Output :-

Integer is valid

You can also search for these topics, validate an integer, example for validate an integer, filter_var() and Problem With 0, filter_var() and Problem With 0 example, how to validate an ip address.

Validate an Integer Within a Range

The filter_var() function also used to check the given integer value is within a range or not.

Example :- This example utilises the filter_var() method to check for an INT type variable, which runs from 1 to 200s :

<?php
/* variable to check */
$int = 122;

/* min value */
$min = 1;
/* max value */
$max = 200;

if (filter_var($int, FILTER_VALIDATE_INT, array("options" => array("min_range"=>$min, "max_range"=>$max))) === false) {
  echo("Variable value is not within the legal range");
} else {
  echo("Variable value is within the legal range");
}
?>

Output :-

Variable value is within the legal range

You can also search for these topics, php filter advanced, how to Validate an Integer Within a Range using php, find out integer within a range in php, php validate range of an integer, filter_var() function to Validate an Integer Within a Range in php, Example for php Validate an Integer Within a Range.

Validate an IP Address

The FILTER_VALIDATE_IP option is used to check or validate whether the given input is a valid computer IP Address or not.

Example :- To check an IPV4 Address

<?php
$ip = "127.0.0.1";

if (!filter_var($ip, FILTER_VALIDATE_IP) === false) {
  echo("$ip is a valid IP address");
} else {
  echo("$ip is not a valid IP address");
}
?>

Output :-

127.0.0.1 is a valid IP address

Validate IPv6 Address

The FILTER_FLAG_IPV6 option is used check whether an input is IPV6 Address or not.

Example :- In this instance, the filter_var() method checks if the $ip variable is a valid IPv6 address :

<?php
// Variable to check
$ip = "2001:0db8:85a3:08d3:1319:8a2e:0370:7334";

// Validate ip as IPv6
if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {
  echo("$ip is a valid IPv6 address");
} else {
  echo("$ip is not a valid IPv6 address");
}
?>

Output :-

2001:0db8:85a3:08d3:1319:8a2e:0370:7334 is a valid IPv6 address

You can also search for these topics, how to validate IP address in php, validate IPv4 and IPv6 address in php, example ipaddress, how to Validate IPv6 Address using php, filter_var function Validate IPv4 and IPv6 Address in php, find the php IPv6 address, Example for php Validate IPv6 Address.

Sanitize and Validate an Email Address

The FILTER_SANITIZE_EMAIL and FILTER_VALIDATE_EMAIL options are used to sanitize and validate an email address from the given input data.

The FILTER_SANITIZE_EMAIL option is used to remove any illegal characters from the input data.

The FILTER_VALIDATE_EMAIL option is used whether the given input is an valid email address or not.

Example :-

<?php
$email = "info@example.com";

// Remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);

// Validate e-mail
if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
  echo("$email is a valid email address");
} else {
  echo("$email is not a valid email address");
}
?>

Output :-

info@example.com is a valid email address

You can also search for these topics, php sanitize and validate an email address, php sanitize an email address, php validate an email address, Example for php sanitize and validate an email address, use of $email variable in php.

Sanitize and Validate a URL

The FILTER_SANITIZE_URL and FILTER_VALIDATE_URL options are used to sanitize and validate an internet URL address from the given input data.

The FILTER_SANITIZE_URL option is used to remove any prohibited characters from the input data.

The FILTER_VALIDATE_URL option is used whether the given input is an valid web url address or not.

Example :-

<?php
$url = "https://www.simmanchith.com";

// Remove all illegal characters from a url
$url = filter_var($url, FILTER_SANITIZE_URL);

// Validate url
if (!filter_var($url, FILTER_VALIDATE_URL) === false) {
  echo("$url is a valid URL");
} else {
  echo("$url is not a valid URL");
}
?>

Output :-

https://www.simmanchith.com is a valid URL.

You can also search for these topics, php sanitize and validate a url, php sanitize a url, php validate a url, example for php sanitize and validate a url, how to sanitize and validate a url.

Validate URL - Must Contain QueryString

The FILTER_FLAG_QUERY_REQUIRED flag is used to check whether a URL contain query string or not.

Example :- This example utilizes filter_var() to see whether the variable $url contains a query string with it. :

<?php
// Variable to check
$url = "https://www.simmanchith.com";

// Validate url
if (!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED) === false) {
  echo("$url is a valid URL with a query string");
} else {
  echo("$url is not a valid URL with a query string");
}
?>

Output :-

https://www.simmanchith.com is not a valid URL with a query string

You can also search for these topics, validate URL with query string in php, how to Validate url query string using php, filter_var function Validate url in php, find the php url, php contain querystring, Example for validate url using php.