PHP filters are used to validate and sanitize external input. This is especially useful when the data source contains unknown data, like user input. For example, data from an HTML form, cookie, SQL statement result, etc.
There are mainly two types of filtering:
- Validation – Validation is used to validate or check if the data meets certain qualifications. For example, passing in FILTER_VALIDATE_EMAIL will determine if the data is a valid email address, but will not change the data itself.
- Sanitization – Sanitization will sanitize the data, so it may alter it by removing undesired characters. For example, passing in FILTER_SANITIZE_EMAIL will remove characters that are inappropriate for an email address to contain. That said, it does not validate the data.
The filter_var() function in PHP
To validate data using the filter extension, use the filter_var() function. The basic syntax of the function is as follows:
Syntax
filter_var(variable, filter, options)
Here,
- variable – The value to filter
- filter – The ID of the filter to apply
- options – One or more flags/options to use. This is either a bitwise OR of flag constants, or an associative array with an 'options' key (for filter-specific settings such as ranges) and/or a 'flags' key.
Example
Validate Email using Filter
The below example will validate an email address.
<?php
// Validate email using filter.
// filter_var() returns the filtered email on success and false on failure.
$email = "thetutorialsbook@gmail.com";
$vemail = filter_var($email, FILTER_VALIDATE_EMAIL);
if ($vemail == TRUE) {
    echo "The $email is a valid email address";
} else {
    echo "The $email is not a valid email address";
}
?>
Output:
The thetutorialsbook@gmail.com is a valid email address
Now, if we provide the email address thetutorialsbook@@gmail.com instead of thetutorialsbook@gmail.com, as below, the validation fails.
<?php
// Validate email using filter.
$email = "thetutorialsbook@@gmail.com";
$vemail = filter_var($email, FILTER_VALIDATE_EMAIL);
if ($vemail == TRUE) {
    echo "The $email is a valid email address";
} else {
    echo "The $email is not a valid email address";
}
?>
Output:
The thetutorialsbook@@gmail.com is not a valid email address
Validate integer value
The following example checks whether the given value is a valid integer.
<?php
// Validate integer variable
$int = 10;
if (filter_var($int, FILTER_VALIDATE_INT)) {
    echo "The <b>$int</b> is a valid integer";
} else {
    echo "The <b>$int</b> is not a valid integer";
}
?>
Output:
The <b>10</b> is a valid integer
If we provide "0" as the value in the above example, it will report an invalid integer, because filter_var() returns the integer 0 on success, and 0 evaluates to false in the if condition. But we know that 0 is a valid integer. So, in order to fix the problem, we need to test for 0 explicitly, as follows.
<?php
// Validate integer variable
$int = 0;
// 0 is falsy, so compare the result with === 0 as well.
// (Comparing the result against false with !== false is the shorter, idiomatic form.)
if (filter_var($int, FILTER_VALIDATE_INT) === 0 || filter_var($int, FILTER_VALIDATE_INT)) {
    echo "The <b>$int</b> is a valid integer";
} else {
    echo "The <b>$int</b> is not a valid integer";
}
?>
Sanitize a String
The example below sanitizes a string value by stripping all HTML tags. Note that FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 (using it emits a deprecation notice); when the goal is to display user input safely in HTML, escape it at output time with htmlspecialchars() instead.
<?php
// Sanitize a string
$comment = "<h1>Hello Guest! Welcome to Tutorialsbook!</h1>";
$scomment = filter_var($comment, FILTER_SANITIZE_STRING);
echo $scomment;
?>
Output:
Hello Guest! Welcome to Tutorialsbook!
Validate IP Addresses
The following example checks whether an IP address is valid.
<?php
// Validate IP Address
$ip = "172.168.2.9";
if (filter_var($ip, FILTER_VALIDATE_IP)) {
    echo "The <b>$ip</b> is a valid IP address";
} else {
    echo "The <b>$ip</b> is not a valid IP address";
}
?>
Output:
The <b>172.168.2.9</b> is a valid IP address
Further, you can pass the FILTER_FLAG_IPV4 or FILTER_FLAG_IPV6 flag to validate IPv4 and IPv6 addresses respectively. In the example below, an IPv4 address is checked against the IPv6 flag, so it is rejected.
<?php
// Validate IP Address
$ip = "172.168.2.9";
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
    echo "The <b>$ip</b> is a valid IPV6 address";
} else {
    echo "The <b>$ip</b> is not a valid IPV6 address";
}
?>
Output:
The <b>172.168.2.9</b> is not a valid IPV6 address
Sanitize and validate a URL in PHP
The following example shows how to sanitize and validate a URL. Comparing the sanitized value with the original tells us whether the input contained any illegal characters; the validation filter then checks that what remains is a well-formed URL.
<?php
// Sanitize and validate a URL
$url = "http:///tutorialsbook.com";
// Remove all illegal characters from url
$surl = filter_var($url, FILTER_SANITIZE_URL);
// Validate website url
if ($url == $surl && filter_var($url, FILTER_VALIDATE_URL)) {
    echo "The $url is a valid website url";
} else {
    echo "The $url is not a valid website url";
}
?>
Output:
The http:///tutorialsbook.com is not a valid website url
The FILTER_SANITIZE_URL filter removes all invalid characters from the given URL string except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.
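As an added example that is not part of the original tutorial, the following script combines the validation filters covered above with the array form of the third filter_var() parameter (min_range/max_range options, FILTER_NULL_ON_FAILURE, and the IP range flags) to validate a whole form at once; the field names and limits are assumptions.

```php
<?php
// Added example (not from the original tutorial): validate a signup form
// with filter_var() options and flags, returning a map of field => error.
// Field names and limits are assumptions chosen for illustration.
function validateSignup(array $input): array
{
    $errors = [];

    // Email: validation only; the value is returned unchanged on success.
    if (filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid email address';
    }

    // Age: FILTER_NULL_ON_FAILURE avoids the "0 is falsy" pitfall, and
    // min_range/max_range reject out-of-range values without extra ifs.
    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 130],
        'flags'   => FILTER_NULL_ON_FAILURE,
    ]);
    if ($age === null) {
        $errors['age'] = 'must be a whole number between 0 and 130';
    }

    // Website: FILTER_VALIDATE_URL accepts schemes other than http(s)
    // (ftp:, for example), so also allow-list the scheme before the link
    // is stored or rendered.
    $url = $input['website'] ?? '';
    if ($url !== '') {
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (filter_var($url, FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true)) {
            $errors['website'] = 'must be an http(s) URL';
        }
    }

    // Client IP: reject private and reserved ranges with the built-in flags.
    $ipFlags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($input['ip'] ?? '', FILTER_VALIDATE_IP, $ipFlags) === false) {
        $errors['ip'] = 'not a public IPv4 address';
    }

    return $errors;
}

// Constructed sample input exercising each check, including the age "0" edge case.
$sample = ['email' => 'user@@example.com', 'age' => '0',
           'website' => 'javascript:alert(1)', 'ip' => '10.0.0.5'];
print_r(validateSignup($sample));
```

Only the fields present in the returned array failed; an empty array means the whole form passed validation.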