PHP Filter is an extension that filters data by either sanitizing or validating it. It plays a crucial role in the security of a website and is especially useful when the data originates from unknown or foreign sources, such as user-supplied input, for example data from an HTML form.
There are mainly two types of filters which are listed below:
- Validation: checks whether the data meets certain qualifications. For example, passing in FILTER_VALIDATE_URL determines whether the data is a valid URL, but it does not change the existing data.
- Sanitization: unlike validation, sanitization removes or alters data so that no undesired characters remain. For example, passing in FILTER_SANITIZE_EMAIL removes all characters that are inappropriate for an email address to contain. That said, it does not validate the data.
Example 1: PHP program to validate URL using FILTER_VALIDATE_URL filter.
Example 2: PHP program to validate email using FILTER_VALIDATE_EMAIL filter.
Filter Functions: The filter functions are used to filter data coming from an insecure source.
- filter_var(): Filters a specific variable.
- filter_var_array(): Filters multiple variables, i.e. an array of variables.
- filter_has_var(): Checks whether a variable of the specified input type exists.
- filter_id(): Returns the filter ID of the specified filter name.
- filter_list(): Returns a list of supported filter names as an array.
- filter_input(): Gets an external variable and filters it if set to do so.
- filter_input_array(): Same as filter_input(), but gets multiple variables, i.e. an array of variables, and filters them if set to do so.
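The validation/sanitization distinction and the filter_var() and filter_var_array() functions listed above, shown as an added example that is not part of the original page. The check_profile() helper, the field names and the sample values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validate a profile form, return [cleaned values, errors].
function check_profile(array $raw): array
{
    $spec = [
        'email'   => FILTER_VALIDATE_EMAIL,
        'website' => FILTER_VALIDATE_URL,
        'age'     => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 13, 'max_range' => 120],
        ],
    ];
    // Third argument true: keys absent from $raw come back as null.
    $clean  = filter_var_array($raw, $spec, true);
    $errors = [];
    foreach (array_keys($spec) as $field) {
        if ($clean[$field] === null) {
            $errors[$field] = 'missing';
        } elseif ($clean[$field] === false) {
            // Strict comparison: a valid value such as 0 must not count as failure.
            $errors[$field] = 'invalid';
        }
    }
    // FILTER_VALIDATE_URL checks syntax only, so restrict the scheme separately.
    if (!isset($errors['website'])) {
        $scheme = strtolower((string) parse_url($clean['website'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $errors['website'] = 'scheme not allowed';
        }
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST.
$form = ['email' => 'alice@example.com', 'website' => 'ftp://example.com/home', 'age' => '200'];
[$clean, $errors] = check_profile($form);
print_r($errors);

// Validation leaves the value untouched; sanitization rewrites it.
$typed     = 'bob(admin)@example.com';
$sanitized = filter_var($typed, FILTER_SANITIZE_EMAIL);   // strips "(" and ")"
var_dump(filter_var($typed, FILTER_VALIDATE_EMAIL));      // checks the typed value as-is
var_dump($sanitized, filter_var($sanitized, FILTER_VALIDATE_EMAIL));
```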
Predefined Filter Constants: There are many predefined filter constants which are listed below:
- Validate filter constants:
  - FILTER_VALIDATE_BOOLEAN: Validates a boolean
  - FILTER_VALIDATE_INT: Validates an integer
  - FILTER_VALIDATE_FLOAT: Validates a float
  - FILTER_VALIDATE_REGEXP: Validates a value against a regular expression
  - FILTER_VALIDATE_IP: Validates an IP address
  - FILTER_VALIDATE_EMAIL: Validates an e-mail address
  - FILTER_VALIDATE_URL: Validates a URL
- Sanitize filter constants:
  - FILTER_SANITIZE_EMAIL: Removes all illegal characters from an e-mail address
  - FILTER_SANITIZE_ENCODED: Removes/encodes special characters
  - FILTER_SANITIZE_MAGIC_QUOTES: Applies the addslashes() function
  - FILTER_SANITIZE_NUMBER_FLOAT: Removes all characters except digits, +- and optionally .,eE
  - FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits, + and -
  - FILTER_SANITIZE_SPECIAL_CHARS: Removes special characters
  - FILTER_SANITIZE_FULL_SPECIAL_CHARS: Encoding quotes can be disabled by using FILTER_FLAG_NO_ENCODE_QUOTES.
  - FILTER_SANITIZE_STRING: Removes tags/special characters from a string
  - FILTER_SANITIZE_STRIPPED: Alias of FILTER_SANITIZE_STRING
  - FILTER_SANITIZE_URL: Removes all illegal characters from a URL
- Other filter constants:
  - FILTER_UNSAFE_RAW: Does nothing, optionally strips/encodes special characters
  - FILTER_CALLBACK: Calls a user-defined function to filter data
Note: PHP filters are enabled by default in PHP 5.2.0 and newer versions. Older versions require installation.