PHP | Filter and Filter Constant
  • Difficulty Level : Easy
  • Last Updated : 13 Feb, 2019

PHP Filter is an extension that filters data by either sanitizing or validating it. It plays a crucial role in the security of a website and is especially useful when the data originates from unknown or foreign sources such as user-supplied input, for example data from an HTML form.

There are mainly two types of filters which are listed below:

  • Validation: checks whether the data meets certain qualifications. For example, passing in FILTER_VALIDATE_URL will determine if the data is a valid URL, but it will not change the existing data by itself.
  • Sanitization: unlike validation, sanitization removes or alters undesired characters in the data. For example, passing in FILTER_SANITIZE_EMAIL will remove all the characters that are inappropriate for an email address to contain. That said, it does not validate the data.

Example 1: PHP program to validate URL using FILTER_VALIDATE_URL filter.




<?php
// PHP program to validate URL
  
// Declare variable and initialize it to URL
// (placeholder value; the original URL is missing from the page)
$url = "https://www.example.com";
  
// Use filter function to validate URL
if (filter_var($url, FILTER_VALIDATE_URL)) {
    echo("Valid URL");
} else {
    echo("Invalid URL");
}
  
?>

Example 2: PHP program to validate email using FILTER_VALIDATE_EMAIL filter.




<?php
// PHP program to validate email
  
// Declare variable and initialize it to email
$email = "xyz@gmail.com";
  
// Use filter function to validate email
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Valid Email";
} else {
    echo "Invalid Email";
}
  
?>

Filter Functions: The filter functions are used to filter data coming from insecure sources.



  • filter_var(): Filters a specific variable
  • filter_var_array(): Filters multiple variables, i.e. an array of variables
  • filter_has_var(): Checks whether a variable of the specified input type exists
  • filter_id(): Returns the filter ID of the specified filter name
  • filter_list(): Returns a list of supported filter names in the form of an array
  • filter_input(): Gets an external variable and filters it if set to do so
  • filter_input_array(): Same as filter_input(), but gets multiple variables, i.e. an array of variables, and filters them if set to do so

Predefined Filter Constants: There are many predefined filter constants which are listed below:

  • Validate filter constants:
    • FILTER_VALIDATE_BOOLEAN: Validates a boolean
    • FILTER_VALIDATE_INT: Validates an integer
    • FILTER_VALIDATE_FLOAT: Validates a float
    • FILTER_VALIDATE_REGEXP: Validates a value against a regular expression
    • FILTER_VALIDATE_IP: Validates an IP address
    • FILTER_VALIDATE_EMAIL: Validates an e-mail address
    • FILTER_VALIDATE_URL: Validates a URL
  • Sanitize filter constants:
    • FILTER_SANITIZE_EMAIL: Removes all illegal characters from an e-mail address
    • FILTER_SANITIZE_ENCODED: Removes/Encodes special characters
    • FILTER_SANITIZE_MAGIC_QUOTES: Apply addslashes() function
    • FILTER_SANITIZE_NUMBER_FLOAT: Removes all characters except digits, +- and optionally .,eE
    • FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits and + -
    • FILTER_SANITIZE_SPECIAL_CHARS: Removes special characters
    • FILTER_SANITIZE_FULL_SPECIAL_CHARS: Encoding quotes can be disabled by using FILTER_FLAG_NO_ENCODE_QUOTES
    • FILTER_SANITIZE_STRING: Removes tags/special characters from a string
    • FILTER_SANITIZE_STRIPPED: Alias of FILTER_SANITIZE_STRING
    • FILTER_SANITIZE_URL: Removes all illegal characters from a URL
  • Other filter constants:
    • FILTER_UNSAFE_RAW: Do nothing, optionally strip/encode special characters
    • FILTER_CALLBACK: Call a user-defined function to filter data

Note: PHP filters are enabled by default in PHP 5.2.0 and newer versions. Older versions require installation.
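
The validation and sanitization filters listed above, applied together to one constructed form submission with filter_var_array(). This is an added example, not code from the original article; the function name check_signup, the field names and the sample values are assumptions made for illustration.

```php
<?php
function check_signup(array $input): array
{
    $rules = [
        'email'   => FILTER_VALIDATE_EMAIL,
        'age'     => ['filter'  => FILTER_VALIDATE_INT,
                      'options' => ['min_range' => 0, 'max_range' => 130]],
        'site'    => FILTER_VALIDATE_URL,
        'ip'      => ['filter' => FILTER_VALIDATE_IP, 'flags' => FILTER_FLAG_IPV4],
        // With FILTER_NULL_ON_FAILURE, "no" yields false and garbage yields null.
        'consent' => ['filter' => FILTER_VALIDATE_BOOLEAN,
                      'flags'  => FILTER_NULL_ON_FAILURE],
    ];
    // Failed fields come back as false, missing fields as null.
    $clean  = filter_var_array($input, $rules);
    $errors = [];
    foreach ($clean as $field => $value) {
        // Strict checks: a valid age of 0 or a consent of false must not
        // be mistaken for a failure, which a plain if ($value) would do.
        if ($value === null || ($value === false && $field !== 'consent')) {
            $errors[] = $field;
        }
    }
    // FILTER_VALIDATE_URL checks syntax only, so restrict the scheme separately.
    if (is_string($clean['site'])) {
        $scheme = strtolower((string) parse_url($clean['site'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $errors[] = 'site';
        }
    }
    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed sample input standing in for $_POST.
$input = [
    'email'   => 'alice smith@example.com',   // space is not allowed
    'age'     => '0',                          // valid, but falsy after conversion
    'site'    => 'ftp://files.example.com/a',  // well-formed, wrong scheme
    'ip'      => '192.168.1.300',              // octet out of range
    'consent' => 'no',                         // valid boolean false
];
$result = check_signup($input);
echo 'Rejected: ', implode(', ', $result['errors']), PHP_EOL;
// Sanitizing alters the data but does not validate it: the space is removed
// and the result is a different address that now passes validation.
$sanitized = filter_var($input['email'], FILTER_SANITIZE_EMAIL);
var_dump($sanitized, filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false);
```

Because sanitizing can turn a rejected value into a different, valid-looking one, reject on validation failure rather than sanitizing and accepting the result.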

Reference: http://php.net/manual/en/filter.filters.sanitize.php
