When working with PHP, handling user input safely is one of the most important aspects of developing reliable web applications. PHP provides a set of built-in functions known as filters to validate and sanitize data. Filters are used to ensure that the data your application receives is in the expected format and free from malicious content. Using filters correctly reduces the chances of security issues like SQL injection, cross-site scripting (XSS), and improper input errors.
PHP filters are tools to check and clean data. There are two main types of filters:
Validation Filters – These filters check whether the input meets certain criteria, for example whether a value is a valid email address or a number within a specific range. A validation filter returns the validated value when the input passes the check and false when it does not.
Sanitization Filters – These filters clean the input by removing or encoding unwanted characters. They do not check for correctness but instead make the data safe to use. For example, removing HTML tags from a string or stripping non-numeric characters from a number.
PHP provides a function called filter_var() which can be used for both validation and sanitization.
filter_var()
The filter_var() function takes at least two parameters: the value to filter and the type of filter to apply. Optionally, you can also provide an array of options.
Basic syntax:
$result = filter_var($value, FILTER_TYPE);
For example, to validate an email address:
$email = "example@domain.com";
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Valid email address.";
} else {
    echo "Invalid email address.";
}
Here, FILTER_VALIDATE_EMAIL checks if the input is a proper email address. If it passes, it returns the email; otherwise, it returns false.
Some widely used validation filters include:
FILTER_VALIDATE_INT – Checks if the value is an integer.
FILTER_VALIDATE_FLOAT – Checks if the value is a floating-point number.
FILTER_VALIDATE_BOOLEAN – Converts a value to true or false.
FILTER_VALIDATE_EMAIL – Checks for a valid email format.
FILTER_VALIDATE_URL – Ensures the value is a valid URL.
FILTER_VALIDATE_IP – Validates an IP address, IPv4 or IPv6.
FILTER_VALIDATE_REGEXP – Validates data against a regular expression.
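Several of the filters listed above accept flags or options that narrow what "valid" means. The following added example (not code from the original article) shows this for FILTER_VALIDATE_IP and FILTER_VALIDATE_REGEXP; the addresses and the username pattern are constructed for the demonstration.

```php
<?php
// Added example, not part of the article: flags and options for the
// validation filters listed above. Inputs are constructed.

// Classify an address as IPv4, IPv6 or invalid using the version flags.
function ipVersion(string $ip): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return 'IPv4';
    }
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
        return 'IPv6';
    }
    return 'invalid';
}

// Reject private (10/8, 172.16/12, 192.168/16, ...) and reserved ranges,
// which is the check to run before the application itself connects to an
// address a user supplied.
function isPublicIp(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

// FILTER_VALIDATE_REGEXP takes its pattern from the "regexp" option.
// The pattern here is a constructed username policy.
function isUsername(string $name): bool
{
    return filter_var($name, FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^[a-z][a-z0-9_]{2,15}$/']]) !== false;
}

foreach (['203.0.113.7', '10.0.0.1', '2001:db8::1', '::1', '999.1.1.1'] as $ip) {
    printf("%-14s %-8s public=%s\n", $ip, ipVersion($ip),
        isPublicIp($ip) ? 'yes' : 'no');
}
foreach (['alice_01', 'Alice', 'a'] as $u) {
    printf("%-9s %s\n", $u, isUsername($u) ? 'ok' : 'rejected');
}
```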
Example of integer validation with options:
$age = 25;
$options = array(
    "options" => array(
        "min_range" => 18,
        "max_range" => 65
    )
);
if (filter_var($age, FILTER_VALIDATE_INT, $options) !== false) {
    echo "Age is valid.";
} else {
    echo "Age is not valid.";
}
Here, the filter checks if $age is an integer and falls within the range of 18 to 65. This is useful for forms where age restrictions are required.
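The !== false comparison above matters more than it looks. The following added example (not from the original article) shows why: a valid integer 0 is falsy, and FILTER_VALIDATE_BOOLEAN needs FILTER_NULL_ON_FAILURE to tell "no" apart from unrecognised input. The inputs are constructed; the int|false return type assumes PHP 8.0 or later.

```php
<?php
// Added example, not from the article: a validation filter returns the
// filtered value on success and false on failure, so a valid 0 is falsy and
// the result must be compared with !== false. Inputs are constructed.
// Requires PHP 8.0+ for the int|false return type.

function validateAge(string $raw): int|false
{
    return filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 120],
    ]);
}

// FILTER_VALIDATE_BOOLEAN returns false both for "no"/"off"/"0" and for
// unrecognised input; FILTER_NULL_ON_FAILURE makes the latter return null.
function parseFlag(string $raw): ?bool
{
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}

foreach (['0', '42', '121', '25abc', '4.0', ''] as $s) {
    $v = validateAge($s);
    // The naive truthiness test wrongly rejects a valid age of 0.
    printf("%-8s naive=%-7s strict=%s\n", var_export($s, true),
        $v ? 'valid' : 'invalid',
        $v !== false ? 'valid' : 'invalid');
}

foreach (['yes', 'off', '1', 'maybe'] as $s) {
    echo $s, ' => ', var_export(parseFlag($s), true), "\n";
}
```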
Sanitization filters clean up the data, making it safe for processing. Some commonly used sanitization filters are:
FILTER_SANITIZE_STRING – Removes tags and encodes special characters. (Note: Deprecated in PHP 8.1; use FILTER_SANITIZE_SPECIAL_CHARS instead.)
FILTER_SANITIZE_EMAIL – Removes illegal characters from an email address.
FILTER_SANITIZE_URL – Removes illegal characters from a URL.
FILTER_SANITIZE_NUMBER_INT – Removes all characters except digits, plus, and minus signs.
FILTER_SANITIZE_NUMBER_FLOAT – Removes all characters except digits, plus, minus, and optionally decimal points.
Example:
$user_input = "<h1>Hello!</h1> Visit my site: example.com";
// FILTER_SANITIZE_STRING strips the tags; it is deprecated as of PHP 8.1 (see note above).
$clean_input = filter_var($user_input, FILTER_SANITIZE_STRING);
echo $clean_input;
This removes HTML tags and makes the string safe for output or database storage.
PHP also allows filtering entire arrays using filter_var_array(). This is helpful when you have multiple inputs, such as from a form, and want to validate or sanitize them at once.
Example:
$data = array(
    "name" => "<b>John</b>",
    "email" => "john@example.com",
    "age" => "25"
);
$filters = array(
    "name" => FILTER_SANITIZE_STRING,
    "email" => FILTER_VALIDATE_EMAIL,
    "age" => array(
        "filter" => FILTER_VALIDATE_INT,
        "options" => array("min_range" => 18, "max_range" => 65)
    )
);
$result = filter_var_array($data, $filters);
print_r($result);
Here, name is sanitized, email is validated, and age is validated with a range check. The function returns an array where invalid inputs are set to false.
Using PHP filters has several advantages:
Security – Sanitizing input prevents malicious code from entering your application.
Reliability – Validating input ensures your application only works with correct data.
Cleaner Code – Filters reduce the need for manual checks and regular expressions.
Efficiency – Built-in filters are optimized and faster than custom-written validation functions.
Consider a contact form with three fields: name, email, and message. Using filters, you can process the data safely:
// Read each field with a default so a missing key does not raise a warning.
$name = $_POST['name'] ?? '';
$email = $_POST['email'] ?? '';
$message = $_POST['message'] ?? '';
// FILTER_SANITIZE_STRING strips tags; it is deprecated as of PHP 8.1 (see note above).
$name = filter_var($name, FILTER_SANITIZE_STRING);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
$message = filter_var($message, FILTER_SANITIZE_STRING);
if ($email && !empty($name) && !empty($message)) {
    echo "Form submitted successfully.";
} else {
    echo "Please fill in valid details.";
}
This approach ensures that the message and name are free of HTML tags, and the email is valid before processing further.
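The contact form above and the filter_var_array() section before it can be combined into one form handler. The following added example (not the article's own code) does that on PHP 8.1+, where FILTER_SANITIZE_STRING is deprecated, and uses the fact that filter_var_array() returns null for a missing field and false for an invalid one; $submissions is a constructed stand-in for $_POST.

```php
<?php
// Added example, not the article's own code: the contact form rewritten
// for PHP 8.1+, where FILTER_SANITIZE_STRING is deprecated, with per-field
// errors. The submissions below are constructed stand-ins for $_POST.

const CONTACT_FILTERS = [
    'name'    => ['filter' => FILTER_SANITIZE_SPECIAL_CHARS],
    'email'   => ['filter' => FILTER_VALIDATE_EMAIL],
    'message' => ['filter' => FILTER_SANITIZE_SPECIAL_CHARS],
];

function processContactForm(array $post): array
{
    // filter_var_array() returns null for a key missing from $post and false
    // for a value that failed validation, so the two can be reported apart.
    $filtered = filter_var_array($post, CONTACT_FILTERS);
    $errors = [];
    foreach ($filtered as $field => $value) {
        if ($value === null) {
            $errors[$field] = 'missing';
        } elseif ($value === false || $value === '') {
            $errors[$field] = 'invalid';
        }
    }
    // A sanitize filter encodes characters but does not bound length.
    if (!isset($errors['message']) && strlen($filtered['message']) > 2000) {
        $errors['message'] = 'too long';
    }
    return ['ok' => $errors === [], 'data' => $filtered, 'errors' => $errors];
}

// Constructed submissions: a complete one, and one with a bad email and no message.
$submissions = [
    ['name' => 'Ada', 'email' => 'ada@example.com', 'message' => 'Hi <b>there</b>'],
    ['name' => '<script>x</script>', 'email' => 'not-an-email'],
];

foreach ($submissions as $post) {
    $r = processContactForm($post);
    echo $r['ok'] ? "Form submitted successfully.\n" : "Please fill in valid details.\n";
    foreach ($r['errors'] as $field => $why) {
        echo "  $field: $why\n";
    }
    if ($r['ok']) {
        // FILTER_SANITIZE_SPECIAL_CHARS already HTML-encoded < > & " ' for an
        // HTML body context; running htmlspecialchars() on it again would double-encode.
        echo '  Name: ', $r['data']['name'], "\n";
    }
}
```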
PHP filters provide an easy and reliable way to validate and sanitize data. Validation filters help check if the data meets expected formats, such as emails, numbers, or URLs. Sanitization filters clean input, making it safe for output or database storage. Functions like filter_var() and filter_var_array() make it simple to work with individual values or entire arrays. By using PHP filters, developers can write safer, more reliable, and cleaner applications.
Write a PHP script to validate an email address entered by the user using FILTER_VALIDATE_EMAIL. Display a message if the email is valid or invalid.
Create a PHP program that checks whether a given string is a valid URL using FILTER_VALIDATE_URL.
Write a script to sanitize a user-submitted string by removing all HTML tags and special characters.
Write a PHP script that accepts an integer input and validates that it falls within the range 10 to 100 using FILTER_VALIDATE_INT.
Create a PHP program to validate an IP address and determine if it is IPv4 or IPv6.
Write a script to sanitize a number input by removing all non-numeric characters using FILTER_SANITIZE_NUMBER_INT.
Create a PHP script that validates a boolean value submitted as a form field using FILTER_VALIDATE_BOOLEAN.
Write a program to filter an array of user data, validating the email and age fields, and sanitizing the name field.
Create a PHP script to remove all illegal characters from a URL input using FILTER_SANITIZE_URL.
Write a PHP script that accepts multiple inputs from a form (name, email, website, age) and validates or sanitizes each input appropriately using filter_var_array().