PHP | Filter and Filter Constant

PHP Filter is an extension that filters data by either sanitizing or validating it. It plays a crucial role in the security of a website and is especially useful when the data originates from unknown or foreign sources, such as user-supplied input, for example data from an HTML form.

There are mainly two types of filters which are listed below:

  • Validation: used to check whether the data meets certain qualifications. For example, passing in FILTER_VALIDATE_URL will determine whether the data is a valid URL, but it will not change the existing data by itself.
  • Sanitization: unlike validation, sanitization removes or alters the data so that no undesired characters remain. For example, passing in FILTER_SANITIZE_EMAIL will remove all the characters that are inappropriate for an email address to contain. That said, it does not validate the data.

Example 1: PHP program to validate URL using FILTER_VALIDATE_URL filter.

<?php
// PHP program to validate URL
  
// Declare variable and initialize it to URL (sample value)
$url = "https://www.example.com";
  
// Use filter function to validate URL
if (filter_var($url, FILTER_VALIDATE_URL)) {
    echo("Valid URL");
} else {
    echo("Invalid URL");
}
  
?>

Example 2: PHP program to validate email using FILTER_VALIDATE_EMAIL filter.

<?php
// PHP program to validate email
  
// Declare variable and initialize it to email
$email = "xyz@gmail.com";
  
// Use filter function to validate email
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Valid Email";
} else {
    echo "Invalid Email";
}
  
?>

Filter Functions: The filter functions are used to filter data coming from insecure sources.

  • filter_var(): Filters a specific variable.
  • filter_var_array(): Filters multiple variables, i.e. an array of variables.
  • filter_has_var(): Checks whether a variable of the specified input type exists.
  • filter_id(): Returns the filter ID of the specified filter name.
  • filter_list(): Returns a list of supported filter names in the form of an array.
  • filter_input(): Gets an external variable and filters it if set to do so.
  • filter_input_array(): Same as filter_input(), but gets multiple variables, i.e. an array of variables, and filters them if set to do so.

Predefined Filter Constants: There are many predefined filter constants which are listed below:

  • Validate filter constants:
    • FILTER_VALIDATE_BOOLEAN: Validates a boolean
    • FILTER_VALIDATE_INT: Validates an integer
    • FILTER_VALIDATE_FLOAT: Validates a float
    • FILTER_VALIDATE_REGEXP: Validates a regular expression
    • FILTER_VALIDATE_IP: Validates an IP address
    • FILTER_VALIDATE_EMAIL: Validates an e-mail address
    • FILTER_VALIDATE_URL: Validates a URL
  • Sanitize filter constants:
    • FILTER_SANITIZE_EMAIL: Removes all illegal characters from an e-mail address
    • FILTER_SANITIZE_ENCODED: Removes/encodes special characters
    • FILTER_SANITIZE_MAGIC_QUOTES: Applies the addslashes() function
    • FILTER_SANITIZE_NUMBER_FLOAT: Removes all characters except digits, + and -, and optionally . , and eE
    • FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits, + and -
    • FILTER_SANITIZE_SPECIAL_CHARS: Removes special characters
    • FILTER_SANITIZE_FULL_SPECIAL_CHARS: Encoding quotes can be disabled by using FILTER_FLAG_NO_ENCODE_QUOTES.
    • FILTER_SANITIZE_STRING: Removes tags/special characters from a string
    • FILTER_SANITIZE_STRIPPED: Alias of FILTER_SANITIZE_STRING
    • FILTER_SANITIZE_URL: Removes all illegal characters from a URL
  • Other filter constants:
    • FILTER_UNSAFE_RAW: Does nothing, optionally strips/encodes special characters
    • FILTER_CALLBACK: Calls a user-defined function to filter data
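
The following is an added example, not code from the original article. It validates a constructed form submission with filter_var_array(), shows sanitizing followed by validating, and handles cases that a plain if (filter_var(...)) check gets wrong: a valid value of 0, a boolean field that fails to parse, and a syntactically valid URL with an unwanted scheme. The field names and sample values are assumptions.

```php
<?php
// Constructed sample input standing in for $_POST.
// The field names are hypothetical.
$input = [
    'email'   => 'alice @example.com',
    'age'     => '0',
    'site'    => 'ftp://files.example.com/a.txt',
    'consent' => 'maybe',
];

// Sanitizing removes illegal characters but does not validate, so the
// sanitized email is validated afterwards as a separate step.
$input['email'] = filter_var($input['email'], FILTER_SANITIZE_EMAIL);

$rules = [
    'email'   => FILTER_VALIDATE_EMAIL,
    'age'     => ['filter'  => FILTER_VALIDATE_INT,
                  'options' => ['min_range' => 0, 'max_range' => 130]],
    'site'    => FILTER_VALIDATE_URL,
    // NULL_ON_FAILURE separates a real "false" from unparseable input.
    'consent' => ['filter' => FILTER_VALIDATE_BOOLEAN,
                  'flags'  => FILTER_NULL_ON_FAILURE],
];
$clean = filter_var_array($input, $rules);

$errors = [];
if ($clean['email'] === false) {
    $errors[] = 'email';
}
// Compare with === false: age 0 is valid, but if (!$clean['age']) rejects it.
if ($clean['age'] === false) {
    $errors[] = 'age';
}
// FILTER_VALIDATE_URL checks syntax only and accepts any scheme,
// so the allowed schemes are checked explicitly.
$scheme = is_string($clean['site'])
    ? strtolower((string) parse_url($clean['site'], PHP_URL_SCHEME))
    : '';
if (!in_array($scheme, ['http', 'https'], true)) {
    $errors[] = 'site';
}
if ($clean['consent'] === null) {
    $errors[] = 'consent';
}

var_dump($clean);
echo 'Rejected fields: ', implode(', ', $errors), PHP_EOL;
```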

Note: PHP filters are enabled by default in PHP 5.2.0 and newer versions. Older versions require installation.

Reference: http://php.net/manual/en/filter.filters.sanitize.php


