Open In App
Related Articles

PHP Filter and Filter Constant

Improve
Improve
Improve
Like Article
Like
Save Article
Save
Report issue
Report

PHP Filter is an extension that filters the data by either sanitizing or validating it. It plays a crucial role in the security of a website, especially useful when the data originates from unknown or foreign sources, like user-supplied input. For example data from an HTML form

There are mainly two types of filters which are listed below:

  • Validation: is used to validate or check if the data meets certain qualifications or not. For example, passing in FILTER_VALIDATE_URL will determine if the data is a valid URL, but it will not change the existing data by itself.
  • Sanitization: unlike validation, sanitization will sanitize data so as to ensure that no undesired characters are by removing or altered the data. For example, passing in FILTER_SANITIZE_EMAIL will remove all the characters that are inappropriate for an email address to contain. That said, it does not validate the data.

Example 1: PHP program to validate URL using FILTER_VALIDATE_URL filter. 

PHP

<?php
// PHP program to validate URL
 
// Declare variable and initialize it to URL
 
// Use filter function to validate URL
if (filter_var($url, FILTER_VALIDATE_URL)) {
    echo "valid URL";
} else {
    echo "Invalid URL";
}
 
?>

                    

Example 2: PHP program to validate email using FILTER_VALIDATE_EMAIL filter. 

PHP

<?php
// PHP program to validate email
 
// Declare variable and initialize it to email
$email = "xyz@gmail.com";
 
// Use filter function to validate email
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Valid Email";
} else {
    echo "Invalid Email";
}
 
?>

                    

Example 3: PHP program to sanitize email using FILTER_SANITIZE _EMAIL filter. 

PHP

<?php
// PHP program to sanitize an email
 
// Declare variable and initialize it
// to an email with illegal characters
$email = "user@geeksforgeeks.org";
 
// Sanitize the email using the FILTER_SANITIZE_EMAIL filter
$sanitizedEmail = filter_var($email, FILTER_SANITIZE_EMAIL);
 
// Output the sanitized email
echo "Sanitized Email: " . $sanitizedEmail;
?>

                    

Filter Functions: The filter function is used to filter the data coming from an insecure source.

  • filter_var(): Filters a specific variable.
  • filter_var_array(): Filters multiple variables i.e. array of variables.
  • filter_has_var(): Check if the variable of a specific input type exists or not
  • filter_id(): It helps to get the filter id of the specified filter name.
  • filter_list(): It returns a list of supported filter names in the form of an array.
  • filter_input(): It gets an external variable and filters it if set to do so.
  • filter_input_array(): It is the same as filter_input() but here Get multiple variables i.e. array of variable and filters them if set to do so.

Predefined Filter Constants: There are many predefined filter constants which are listed below:

  • Validate filter constants:
    • FILTER_VALIDATE_BOOLEAN: Validates a boolean.
    • FILTER_VALIDATE_INT: Validates an integer.
    • FILTER_VALIDATE_FLOAT: Validates a float.
    • FILTER_VALIDATE_REGEXP: Validates a regular expression.
    • FILTER_VALIDATE_IP: Validates an IP address.
    • FILTER_VALIDATE_EMAIL: Validates an e-mail address.
    • FILTER_VALIDATE_URL: Validates an URL.
  • Sanitize filter constants:
    • FILTER_SANITIZE_EMAIL: Removes all illegal characters from an e-mail address
    • FILTER_SANITIZE_ENCODED: Removes/Encodes special characters
    • FILTER_SANITIZE_MAGIC_QUOTES: Apply addslashes() function
    • FILTER_SANITIZE_NUMBER_FLOAT: Remove all characters, except digits, +- and optionally ., eE
    • FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits and + –
    • FILTER_SANITIZE_SPECIAL_CHARS: Removes special characters
    • FILTER_SANITIZE_FULL_SPECIAL_CHARS: Encoding quotes can be disabled by using FILTER_FLAG_NO_ENCODE_QUOTES.
    • FILTER_SANITIZE_STRING : Removes tags/special characters from a string
    • FILTER_SANITIZE_STRIPPED : Alias of FILTER_SANITIZE_STRING
    • FILTER_SANITIZE_URL: Removes all illegal characters from s URL
  • Other filter constants:
    • FILTER_UNSAFE_RAW: Do nothing, optionally strip/encode special characters
    • FILTER_CALLBACK: Call a user-defined function to filter data

Note: PHP filters are enabled by default in PHP 5.2.0 and newer versions. Installation requires for older versions. 

Reference: http://php.net/manual/en/filter.filters.sanitize.php



Last Updated : 08 Jun, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads