PHP Filters

PHPz
Release: 2024-08-29 13:03:46

Few languages have built-in filter features. Filters are one of the value-added features of a programming language: they let us filter data or strings before processing them, which helps prevent some vulnerability issues in the system. PHP filters can be used to validate or sanitize external input. The PHP filter extension provides various functions and features we can use while coding. For example, if we take an email id as client input from a form, we should validate or sanitize it before any database-related operation. As coders or developers, we should use these filters in PHP according to our business needs and requirements.


Syntax

Sanitizing and filtering are among the most common operations in a web application environment. Here is the basic syntax:

filter_var(variable, filter, options)

The filter_var function takes 3 parameters. The last 2 parameters, the filter and the options, are optional. The first is the variable we want to filter, the second says what we want to do (here we pass the ID of one of the filters available in PHP), and the last carries the filter-related options. Let's understand this with a quick example:

Code:

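<?php
$int_val = 200;
// filter_var() returns the validated integer, or false on failure.
// Compare with false explicitly so that a valid 0 is not treated as invalid.
if (filter_var($int_val, FILTER_VALIDATE_INT) !== false) {
    echo "The <b>$int_val</b> is a valid one."; // valid
} else {
    echo "The <b>$int_val</b> is not a valid input as an integer"; // invalid
}
?>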

In the above example, we use a filter to check whether the variable $int_val holds an integer value.
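The third parameter is not used above. The following added example (not part of the original article) passes a range through the options array and uses FILTER_NULL_ON_FAILURE, and compares the result with a plain truthiness test, which rejects a legitimate 0 and accepts out-of-range values. The helper name validate_int_in_range and the sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the original article). The helper name and the
// sample values are constructed for illustration.

/**
 * Validate an integer inside an inclusive range.
 * Returns the int on success and null on failure, so a legitimate 0
 * can never be mistaken for a failed validation.
 */
function validate_int_in_range($raw, int $min, int $max): ?int
{
    return filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
        'flags'   => FILTER_NULL_ON_FAILURE,
    ]);
}

// Constructed inputs, as they might arrive from a form field.
$samples = ['200', '0', '-5', '12abc', '1e3', ' 42 ', '', '99999'];

foreach ($samples as $raw) {
    // Truthiness test: treats a valid 0 as a failure and ignores any range.
    $loose = filter_var($raw, FILTER_VALIDATE_INT) ? 'accepted' : 'rejected';

    // Explicit failure value plus a 0..1000 range check.
    $strict = validate_int_in_range($raw, 0, 1000);

    printf(
        "%-8s truthiness test: %-8s range check: %s\n",
        var_export($raw, true),
        $loose,
        var_export($strict, true)
    );
}
```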

Why do we Use Filter in PHP?

Many PHP web applications receive external input from the client side. The idea is to clean the user input before processing it, as we can't expect users to enter all the data correctly. Any input or data from an external user or system can lead to a critical security issue.

We can use filters to sanitize data coming from various external sources, such as:

  • Direct client user input from a form
  • Cookie data
  • Data from web services
  • Server variables
  • Database query results

Together, PHP validation and sanitization filters let us find out whether an input is valid. If it is not valid, we can sanitize it to make it a valid one. The coming example section walks through various examples of this.

Examples of Filters in PHP

There are various types of filters available in PHP. We can list them using the filter_list() function. These filters handle URLs, strings, numbers, IP addresses, etc.

Example #1

In this section, we will see the various filter example programs individually.

Sanitize a String

To check whether a string is valid or not

Code:

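<?php
$comment = "Hello word";
// FILTER_SANITIZE_STRING returns the cleaned string, not a verdict, so this
// only tests that something non-empty is left after sanitizing.
// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
if (filter_var($comment, FILTER_SANITIZE_STRING)) {
    echo "The <b>$comment</b> is a valid one."; // valid
} else {
    echo "The <b>$comment</b> is not a valid input"; // invalid
}
?>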

In the above example, the string is a valid one, which is why the code reports it as valid.

Get the sanitized string as an output

<?php
$comment = "<i>Hello word</i>";
echo "Before sanitizing: " . $comment;
// Strips HTML tags from the value (deprecated as of PHP 8.1).
$comment = filter_var($comment, FILTER_SANITIZE_STRING);
echo "<br>"; // for new line
echo "After sanitizing: " . $comment;
?>

The output before and after sanitizing is different: after sanitizing, the HTML tags have been removed by the PHP filter function.
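FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so new code needs another way to make a comment safe to display. The following added example (not part of the original article) compares tag stripping with encoding, and encodes the value at output time instead of altering the stored data. The helper names html_escape and render_comment and the sample comment are constructed for illustration.

```php
<?php
// Added example (not from the original article); names and sample text
// are constructed for illustration.

/** Encode a value for an HTML text node or a quoted attribute value. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Validate a comment (non-empty, bounded size, well-formed UTF-8) and
 * return it as an HTML paragraph, or null if it is rejected.
 */
function render_comment(string $comment, int $maxBytes = 200): ?string
{
    $comment = trim($comment);
    if ($comment === ''
        || strlen($comment) > $maxBytes
        || preg_match('//u', $comment) !== 1   // fails on invalid UTF-8
    ) {
        return null; // reject instead of silently repairing the input
    }
    return '<p class="comment">' . html_escape($comment) . '</p>';
}

// Constructed sample: markup plus characters that are special in HTML.
$comment = '<i>Hello word</i> & "friends"';

// Tag stripping removes the markup but leaves & and quotes unencoded.
echo "strip_tags:         ", strip_tags($comment), "\n";

// Filter-extension counterpart of htmlspecialchars() with ENT_QUOTES.
echo "FULL_SPECIAL_CHARS: ",
    filter_var($comment, FILTER_SANITIZE_FULL_SPECIAL_CHARS), "\n";

// Validate first, then encode when building the page.
echo "render_comment:     ", render_comment($comment), "\n";
```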

Example #2

Validate an IP Address

The PHP filter function can do this job for us. Let’s see the example.

Code:

<?php
$ip_address = "172.16.254.1:40";
// FILTER_VALIDATE_IP accepts a bare IP address only; a port suffix makes it fail.
if (filter_var($ip_address, FILTER_VALIDATE_IP) !== false) {
    echo "The <b>$ip_address</b> is a valid one."; // valid
} else {
    echo "The <b>$ip_address</b> is not a valid input"; // invalid
}
?>

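FILTER_VALIDATE_IP also takes flags that narrow what counts as acceptable, which matters when the address is later used to decide trust or to open a connection. The following added example (not part of the original article) classifies addresses by family and by whether they fall in private or reserved ranges. The function name classify_ip and the sample addresses are constructed for illustration.

```php
<?php
// Added example (not from the original article); the function name and
// the sample addresses are constructed for illustration.

/** Describe an address using the flags of FILTER_VALIDATE_IP. */
function classify_ip(string $raw): string
{
    // Syntax check first: anything with a port, a hostname or an
    // out-of-range octet fails here.
    if (filter_var($raw, FILTER_VALIDATE_IP) === false) {
        return 'not an IP address';
    }

    // Address family: restrict the same filter to IPv4 only.
    $isV4   = filter_var($raw, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
    $family = $isV4 ? 'IPv4' : 'IPv6';

    // Reject private (e.g. 10/8, 172.16/12, 192.168/16) and reserved
    // (e.g. loopback) ranges in one call by combining both flags.
    $public = filter_var(
        $raw,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;

    return $family . ($public ? ', public' : ', private or reserved');
}

// Constructed samples, including the value used in the article's example.
$samples = [
    '172.16.254.1:40',
    '172.16.254.1',
    '10.0.0.7',
    '127.0.0.1',
    '8.8.8.8',
    '256.1.1.1',
    'fd00::1',
];

foreach ($samples as $raw) {
    printf("%-18s %s\n", $raw, classify_ip($raw));
}
```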

Example #3

Sanitizing and validating an email address

Code:

<?php
$email_address = "someone@@testmail.com";
echo "Before Sanitizing: " . $email_address . "<br>";
// FILTER_VALIDATE_EMAIL returns the address on success, false on failure.
if (filter_var($email_address, FILTER_VALIDATE_EMAIL) !== false) {
    echo "The <b>$email_address</b> is a valid one."; // valid
} else {
    echo "The <b>$email_address</b> is not a valid input"; // invalid
}
echo "<br>";
echo "After Sanitizing: " . filter_var($email_address, FILTER_SANITIZE_EMAIL);
?>

In the above example, the email id value is invalid, and the validate filter reports it as such. Sanitizing then returns the email value with any characters that are not allowed in an email address removed; validate the sanitized value again before using it.

Code:

<?php
$email_address = "[email protected]";
if (filter_var($email_address, FILTER_VALIDATE_EMAIL) !== false) {
    echo "The <b>$email_address</b> is a valid one."; // valid
} else {
    echo "The <b>$email_address</b> is not a valid input"; // invalid
}
?>

In the above example PHP code, we check whether the email is valid.


Example #4

Sanitize and Validate the URL

In this example, we check whether an input URL is valid. If it is not a valid URL, we sanitize it to correct it.

Code:

<?php
$URL = "https://www.educba.com/��courses�";
echo "Before Sanitizing: " . $URL . "<br>";
// FILTER_VALIDATE_URL returns the URL on success, false on failure.
if (filter_var($URL, FILTER_VALIDATE_URL) !== false) {
    echo "The <b>$URL</b> is a valid one."; // valid
} else {
    echo "The <b>$URL</b> is not a valid input"; // invalid
}
echo "<br>";
// FILTER_SANITIZE_URL removes characters that are not allowed in a URL.
echo "After Sanitizing: " . filter_var($URL, FILTER_SANITIZE_URL);
?>

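FILTER_VALIDATE_URL checks syntax only and does not restrict the scheme, so values such as ftp:// or mailto: URLs also pass. The following added example (not part of the original article) adds a scheme allowlist and a host check on top of the filter, for cases where the URL will be rendered as a link or fetched. The function name validate_web_url, the allowlist and the sample URLs are constructed for illustration.

```php
<?php
// Added example (not from the original article). The function name, the
// allowlist and the sample URLs are constructed for illustration.

/**
 * Accept a URL only if it is syntactically valid AND uses an allowed scheme.
 * Returns the URL on success, null otherwise.
 */
function validate_web_url(string $raw, array $allowedSchemes = ['http', 'https']): ?string
{
    // Step 1: syntax check. FILTER_VALIDATE_URL does not restrict the scheme.
    $url = filter_var($raw, FILTER_VALIDATE_URL, FILTER_NULL_ON_FAILURE);
    if ($url === null) {
        return null;
    }

    // Step 2: scheme allowlist, compared case-insensitively.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, $allowedSchemes, true)) {
        return null;
    }

    // Step 3: a web link must name a host.
    $host = parse_url($url, PHP_URL_HOST);
    return ($host === null || $host === false || $host === '') ? null : $url;
}

// Constructed samples.
$samples = [
    'https://www.educba.com/courses',
    'HTTP://www.educba.com/',
    'ftp://www.educba.com/file.txt',
    'mailto:someone@testmail.com',
    'www.educba.com/courses',
];

foreach ($samples as $raw) {
    $syntax = filter_var($raw, FILTER_VALIDATE_URL) !== false
        ? 'valid syntax' : 'invalid syntax';
    $result = validate_web_url($raw) !== null ? 'accepted' : 'rejected';
    printf("%-32s %-15s %s\n", $raw, $syntax, $result);
}
```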

Conclusion

We should use PHP filters to validate or sanitize user input. This way, we can restrict vulnerable user input. We can use the various PHP filter functions to validate user input and other values. We can also use sanitizing to clean a value (whether it is user input or directly assigned). We should always sanitize cookie data before using it in any data processing.
