This post explains how to use PHP filters to sanitize and validate external data, with example code. The PHP filter extension provides functions for checking user input and is designed to make validation easier and faster.
In web applications, we commonly need to sanitize and validate user input data like email, number, string, IP address, etc. By using these PHP filter extensions we can easily achieve this.
Using PHP Filters:
To sanitize or validate user data, we use the PHP ‘filter_var()’ function. The syntax of this function is:
filter_var(var, filtername, options)
var – Required. The variable to filter.
filtername – Optional. Specifies the ID or name of the filter to use.
options – Optional. Specifies the options/flags for each filter type.
Validate Integer and Float Number:
The following example checks whether a number is an integer using the ‘FILTER_VALIDATE_INT‘ filter ID. To validate a float number, use the ‘FILTER_VALIDATE_FLOAT‘ ID.
<?php
// Validate integer number
$int = 10; // integer number

// Compare against false: a valid 0 is falsy and would otherwise be rejected
if (filter_var($int, FILTER_VALIDATE_INT) !== false) {
    echo "The <b>$int</b> is a valid integer";
} else {
    echo "The <b>$int</b> is not a valid integer";
}

echo "<br/>";

// Validate float number
$float = 20.5; // float number

if (filter_var($float, FILTER_VALIDATE_FLOAT) !== false) {
    echo "The <b>$float</b> is a valid float number";
} else {
    echo "The <b>$float</b> is not a valid float number";
}
?>
We can also validate that an integer falls within a range. For example, to check whether the integer is between 100 and 999, use this syntax:
filter_var($int, FILTER_VALIDATE_INT, array("options" => array("min_range" => 100, "max_range" => 999)))
Sanitize and Validate Email Addresses:
In this example, we use the ‘FILTER_SANITIZE_EMAIL‘ filter to sanitize and ‘FILTER_VALIDATE_EMAIL‘ to validate email addresses.
The sanitize filter removes all illegal characters, like {, }, (, ), // etc.
<?php
$input_email = "dev(.lop)@code//fixup.com";

// Remove all illegal characters from email
$input_email = filter_var($input_email, FILTER_SANITIZE_EMAIL);

// Validate e-mail address
if (filter_var($input_email, FILTER_VALIDATE_EMAIL)) {
    echo "$input_email is a valid email address";
} else {
    echo "$input_email is not a valid email address";
}
?>
The output is: ‘dev.lop@codefixup.com’ is a valid email address.
Validate an IP Address:
Using the ‘FILTER_VALIDATE_IP‘ filter, we can check whether an IP address is valid. See the example below:
<?php
$ip_address = "164.12.2540.1"; // IP address

// Validate it
if (filter_var($ip_address, FILTER_VALIDATE_IP)) {
    echo "$ip_address is a valid IP address";
} else {
    echo "$ip_address is not a valid IP address";
}
?>
The output is: 164.12.2540.1 is not a valid IP address.
Note: You can use the FILTER_FLAG_IPV4 or FILTER_FLAG_IPV6 flags to validate IPv4 or IPv6 addresses specifically.
Sanitize a String Data:
Use the ‘FILTER_SANITIZE_STRING‘ filter to remove all HTML elements from a string.
<?php
$string = "<label>PHP Filters to Sanitize and Validate Data</label>";

// Sanitize the string
// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1
echo $sanitizedstring = filter_var($string, FILTER_SANITIZE_STRING);
?>
The output looks like this: “PHP Filters to Sanitize and Validate Data”.
Sanitize and Validate URLs:
The FILTER_SANITIZE_URL filter removes all illegal characters from a URL, keeping only letters, digits and $-_.+!*'(),{}|\\^~[]`"><#%;/?:@&=.
<?php
$urlvar = "https://www.codefixŐŐup.com";

echo $sanitizedurl = filter_var($urlvar, FILTER_SANITIZE_URL);
?>
It removes the illegal characters and shows the output as “https://www.codefixup.com”.
The FILTER_VALIDATE_URL filter is used to validate a URL.
<?php
// URL to check
$checkurl = "https://www.codefixup.com";

// Validate URL
if (filter_var($checkurl, FILTER_VALIDATE_URL)) {
    echo("$checkurl is a valid URL");
} else {
    echo("$checkurl is not a valid URL");
}
?>
Validate Boolean Value:
The FILTER_VALIDATE_BOOLEAN filter validates a value as a Boolean option. It returns TRUE for “1”, “true”, “on” and “yes”, and FALSE for “0”, “false”, “off” and “no”. Otherwise it returns NULL.
<?php
$var = "yes";

// var_dump() shows the type as well as the value; echo would print just "1"
$result = filter_var($var, FILTER_VALIDATE_BOOLEAN);
var_dump($result);
?>
It outputs bool(true).
Sanitize Encoded Filter:
The PHP FILTER_SANITIZE_ENCODED filter URL-encodes the special characters in the $url variable. This filter works like the urlencode() function.
<?php
$url = "http://www.exampleÅÅ.com";

echo $url = filter_var($url, FILTER_SANITIZE_ENCODED);
?>
The output looks something like this: https%3A%2F%2Fwww.w3schools%C5%C5.com
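The validation filters from the sections above can be combined into one routine that checks a whole request with strict comparisons. This is an added example, not code from the original post; the function name validate_request, the field names and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. Field names and sample
// values are constructed for illustration.
function validate_request(array $input): array
{
    $spec = [
        'quantity'  => ['filter'  => FILTER_VALIDATE_INT,
                        'options' => ['min_range' => 0, 'max_range' => 999]],
        'email'     => FILTER_VALIDATE_EMAIL,
        'client_ip' => ['filter' => FILTER_VALIDATE_IP, 'flags' => FILTER_FLAG_IPV4],
        // FILTER_NULL_ON_FAILURE: invalid input gives null, so "no" (false)
        // can be told apart from garbage.
        'subscribe' => ['filter' => FILTER_VALIDATE_BOOLEAN,
                        'flags'  => FILTER_NULL_ON_FAILURE],
        'homepage'  => FILTER_VALIDATE_URL,
    ];
    // add_empty = false: fields missing from $input are left out of $result.
    $result = filter_var_array($input, $spec, false);

    $clean = [];
    $errors = [];
    foreach (array_keys($spec) as $field) {
        $value = $result[$field] ?? null;
        $missing = !array_key_exists($field, $result);
        // Strict comparisons: 0 and false are legitimate validated values.
        $failed = ($field === 'subscribe') ? $value === null : $value === false;
        if ($missing || $failed) {
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    // FILTER_VALIDATE_URL checks syntax only, so allowlist the scheme as well.
    if (isset($clean['homepage'])) {
        $scheme = strtolower((string) parse_url($clean['homepage'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            unset($clean['homepage']);
            $errors[] = 'homepage';
        }
    }
    return [$clean, $errors];
}

// Constructed input, shaped like a $_POST array.
[$clean, $errors] = validate_request([
    'quantity'  => '0',                       // valid integer, but falsy
    'email'     => 'dev.lop@codefixup.com',
    'client_ip' => '164.12.2540.1',           // the invalid address used above
    'subscribe' => 'no',                      // valid boolean false
    'homepage'  => 'ftp://www.codefixup.com', // well-formed, wrong scheme
]);
var_dump($clean, $errors);
```

Only the fields that pass end up in $clean, already cast to their validated types, so later code should read from $clean rather than from the raw input.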
The PHP filters explained above can be used directly in your web application without any further installation.