PHP Filters to Sanitize and Validate Data: Examples (Updated)

PHP Filters to Sanitize and Validate Data
This post explains how to use PHP filters to sanitize and validate external data, with example code. The PHP filter extension provides filters for checking user input and is designed to make validation easier and faster.

In web applications, we commonly need to sanitize and validate user input such as an email address, number, string or IP address. The PHP filter extension makes this easy.

Using PHP Filters:

To sanitize or validate user data, we use the PHP ‘filter_var()’ function. Its syntax is:

filter_var(var, filtername, options)

var – Required. The variable to filter.
filtername – Optional. Specifies the ID or name of the filter to use.
options – Optional. Specifies the options/flags for the chosen filter type.

Validate Integer and Float Number:

The following code example checks whether a number is an integer using the ‘FILTER_VALIDATE_INT’ filter ID. To validate a float number, use the ‘FILTER_VALIDATE_FLOAT’ ID.

We can also validate that an integer falls within a range, for example between 100 and 999. The syntax for this is:

filter_var($int, FILTER_VALIDATE_INT, array("options" => array("min_range" => 100, "max_range" => 999)))

Sanitize and Validate Email Addresses:

In this example, we use the ‘FILTER_SANITIZE_EMAIL’ filter to sanitize and the ‘FILTER_VALIDATE_EMAIL’ filter to validate email addresses.

Sanitizing removes all illegal characters, such as {, }, (, ), // etc.

The output shows that ‘[email protected]’ is a valid email address.

Validate an IP Address:

Using the ‘FILTER_VALIDATE_IP’ filter, we can check whether an IP address is valid. See the example below:

The output shows that 164.12.2540.1 is not a valid IP address.

Note: You can use the FILTER_FLAG_IPV4 or FILTER_FLAG_IPV6 flags to validate IPv4 or IPv6 addresses specifically.

Sanitize a String Data:

Use the ‘FILTER_SANITIZE_STRING’ filter to remove all HTML elements from a string.

Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.

The output looks something like this: “PHP Filters to Sanitize and Validate Data”.

Sanitize and Validate URLs:

The FILTER_SANITIZE_URL filter removes all characters from a URL except letters, digits and $-_.+!*'(),{}|\\^~[]`"><#%;/?:@&=.

It removes the illegal characters and shows the output as “https://www.codefixup.com”.

The FILTER_VALIDATE_URL filter is used to validate a URL.

Validate Boolean Value:

The FILTER_VALIDATE_BOOLEAN filter validates a value as a Boolean option. It returns TRUE for “1”, “true”, “on” and “yes”, and FALSE for “0”, “false”, “off” and “no”. Otherwise it returns NULL.

The output is bool(true).

Sanitize Encoded Filter:

The PHP FILTER_SANITIZE_ENCODED filter URL-encodes the special characters in the $url variable. This filter works like the urlencode() function.

The output looks something like this: https%3A%2F%2Fwww.w3schools%C5%C5.com

You can use the PHP filters explained above to sanitize and validate data directly in your web application, without any further installation.
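
The validating filters above combined into one input check, as an added example that is not part of the original post; the function name validate_fields, the field names and the sample values are assumptions made for illustration. It also covers cases the individual filters leave open: a valid 0, the NULL-on-failure flag for Boolean values, and restricting the URL scheme.

```php
<?php
// Added example, not from the original post. Function name, field names
// and sample values are constructed for illustration.
function validate_fields(array $in): array
{
    $clean = [];
    $errors = [];

    // filter_var() returns false on failure. 0 is a valid integer, so
    // compare with === false instead of testing for truthiness.
    $qty = filter_var($in['qty'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 999]]);
    if ($qty === false) { $errors[] = 'qty'; } else { $clean['qty'] = $qty; }

    // Sanitize first, then validate the sanitized value.
    $email = filter_var($in['email'] ?? '', FILTER_SANITIZE_EMAIL);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    } else {
        $clean['email'] = $email;
    }

    // Accept IPv4 only.
    $ip = filter_var($in['ip'] ?? '', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    if ($ip === false) { $errors[] = 'ip'; } else { $clean['ip'] = $ip; }

    // With FILTER_NULL_ON_FAILURE an unrecognised value gives null, so it
    // can be told apart from a real "no"; without the flag it gives false.
    $sub = filter_var($in['subscribe'] ?? '', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    if ($sub === null) { $errors[] = 'subscribe'; } else { $clean['subscribe'] = $sub; }

    // FILTER_VALIDATE_URL accepts any scheme, so allow-list the scheme too.
    $url = filter_var($in['site'] ?? '', FILTER_VALIDATE_URL);
    $scheme = $url === false ? '' : strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (in_array($scheme, ['http', 'https'], true)) { $clean['site'] = $url; } else { $errors[] = 'site'; }

    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed input: qty 0 is valid; the IP has an out-of-range octet;
// "maybe" is not a boolean; ftp:// is a well-formed URL but not allowed.
print_r(validate_fields([
    'qty' => '0',
    'email' => 'user@example.com',
    'ip' => '164.12.2540.1',
    'subscribe' => 'maybe',
    'site' => 'ftp://example.com/file',
]));
```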

About Harish

I am a professional web developer and blogger. I use this blog to share my own API and other web development experience with you. I do accept paid work. Write to me at - [email protected]
