Few programming languages offer a built-in filter feature. Filters are a value-added feature of a language: they let us filter data or strings before processing them, and using them is timely because they close off a whole class of vulnerabilities in the system. PHP filters can be used to validate or sanitize external input. The PHP filter extension provides various functions and options we can use while coding. For example, if we take an email address from a client-side form, we should validate or sanitize it before any database-related operation. As developers, we should apply these PHP filters according to our business needs and requirements.
Sanitizing and filtering are among the most common operations in a web application environment. Here is the basic syntax:
filter_var(variable, filter, options)
The filter_var function takes three parameters; the last two, the filter and the options, are optional. The first is the variable (or the value itself) that we want to filter. The second says what to do with it (here we pass the ID of one of the filters available in PHP), and the third carries filter-specific options. Let's understand this with a quick example:
Code:
<?php
$int_val = 200;
// FILTER_VALIDATE_INT returns the integer on success and false on failure
if (filter_var($int_val, FILTER_VALIDATE_INT)) {
    echo "The <b>$int_val</b> is a valid one."; // valid
} else {
    echo "The <b>$int_val</b> is not a valid input as an integer"; // invalid
}
?>
In the above example, we apply a filter to check whether the variable $int_val holds an integer value. Here is the output.
Output:
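The example above passes only the first two arguments. The following script, added here and not part of the original article, shows the optional third argument (a range for FILTER_VALIDATE_INT), the pitfall of the plain if (filter_var(...)) test when the valid value is 0, the FILTER_NULL_ON_FAILURE flag, and filter_input() for reading a request parameter. The parameter name page and the 1..100 range are constructed for the example.

```php
<?php
// Added example, not part of the original article: the optional third
// argument of filter_var(), the 0/false pitfall of the if (filter_var(...))
// pattern used above, and filter_input() for request parameters.

// 1. Range options: only integers from 1 to 100 pass.
$range = ['options' => ['min_range' => 1, 'max_range' => 100]];
var_dump(filter_var('42',  FILTER_VALIDATE_INT, $range)); // int(42)
var_dump(filter_var('250', FILTER_VALIDATE_INT, $range)); // bool(false): out of range
var_dump(filter_var('4.2', FILTER_VALIDATE_INT, $range)); // bool(false): not an integer

// 2. The pitfall: "0" is a valid integer, but the returned int(0) is falsy,
//    so a plain if () misreports it as invalid. Compare against false instead.
$zero = '0';
var_dump((bool) filter_var($zero, FILTER_VALIDATE_INT));     // bool(false): wrong conclusion
var_dump(filter_var($zero, FILTER_VALIDATE_INT) !== false);  // bool(true): correct check

// 3. FILTER_NULL_ON_FAILURE returns null instead of false, which pairs
//    naturally with ?? to fall back to a default value.
$quantity = filter_var('abc', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE) ?? 1;
var_dump($quantity); // int(1)

// 4. filter_input() applies the same filter directly to a superglobal
//    ($_GET here; 'page' is a constructed parameter name). It returns null
//    when the parameter is absent and false when it is present but fails
//    the filter, so the two cases can be handled differently.
$page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, $range);
if ($page === null) {
    $page = 1;                      // parameter missing: use a default
} elseif ($page === false) {
    http_response_code(400);        // present but not an integer in 1..100
    exit('page must be an integer between 1 and 100');
}
echo "Showing page $page\n";
```

Run from the command line there is no query string, so the script falls through to the default page. The !== false comparison in step 2 is the form to use whenever the validated value can legitimately be 0 or an empty-but-valid value.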
Many PHP web applications receive external input from the client side. The idea is to clean that input before processing it, since we cannot expect users to enter every value correctly. Any external input, whether from a user or from another system, can lead to a critical security issue.
We can use filters here to sanitize data entered from various external sources.
Together, PHP's validation and sanitization filters let us determine whether an input is valid and, if it is not, sanitize it into an acceptable value. The example section below discusses various examples of this.
PHP offers various types of filters; the filter_list() function returns their names. These filters handle URLs, strings, numbers, IP addresses, etc.
In this section, we will see the various filter example programs individually.
Sanitize a String
To check whether a string passes the sanitizer (the sanitizing filter returns the cleaned string, which is truthy when it is non-empty)
Code:
<?php
$comment = "Hello word";
// FILTER_SANITIZE_STRING strips tags and encodes quotes; it returns the
// cleaned string, so the condition is true whenever something is left.
// Note: this filter is deprecated as of PHP 8.1 (htmlspecialchars() is the
// documented replacement).
if (filter_var($comment, FILTER_SANITIZE_STRING)) {
    echo "The <b>$comment</b> is a valid one."; // valid
} else {
    echo "The <b>$comment</b> is not a valid input"; // invalid
}
?>
In the above example, the string contains nothing to strip, so the filter returns it unchanged and the check reports it as valid.
Output:
Get the sanitized string as an output
<?php
$comment = "<i>Hello word</i>";
echo "Before sanitizing: " . $comment;
// Strips the <i> tags; deprecated as of PHP 8.1
$comment = filter_var($comment, FILTER_SANITIZE_STRING);
echo "<br>"; // for new line
echo "After sanitizing: " . $comment;
?>
The two outputs differ: after sanitizing, the HTML tags have been removed by the PHP filter function.
Output:
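Because FILTER_SANITIZE_STRING is deprecated since PHP 8.1, the following script, added here and not part of the original article, shows the two things that filter did (tag stripping and quote encoding) alongside the replacements: strip_tags() for removing markup, and htmlspecialchars() or FILTER_SANITIZE_FULL_SPECIAL_CHARS for making the text inert when it is echoed into a page. The comment string and the renderComment() helper are constructed for the example.

```php
<?php
// Added example, not part of the original article. FILTER_SANITIZE_STRING is
// deprecated since PHP 8.1; this shows what it did and the replacements,
// on a constructed comment that contains markup.
$comment = '<i>Hello word</i> <script>alert(1)</script> "quoted" & co';

// A. Remove the tags but keep the text: strip_tags() replaces the
//    tag-stripping part of the old filter (quotes and & are left alone).
$plain = strip_tags($comment);
echo "strip_tags:         $plain\n";
// Hello word alert(1) "quoted" & co

// B. Keep the text exactly as typed and make it inert in HTML by encoding
//    <, >, &, " and '. Unlike stripping, this loses no information, and it
//    is what neutralises injected markup when the value is displayed.
$encoded = htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "htmlspecialchars:   $encoded\n";
// &lt;i&gt;Hello word&lt;/i&gt; &lt;script&gt;alert(1)&lt;/script&gt; &quot;quoted&quot; &amp; co

// The filter_var() counterpart of B, usable wherever a filter ID is
// expected (filter_var, filter_input, filter_input_array).
$viaFilter = filter_var($comment, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
echo "full_special_chars: $viaFilter\n";

// C. The general rule: validate on input, encode on output. Store $comment
//    as received and encode at render time, so the stored value stays
//    faithful and every page that displays it is protected the same way.
//    renderComment() is a constructed helper, not part of PHP.
function renderComment(string $stored): string
{
    return '<p>' . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}
echo renderComment($comment), "\n";
```

Stripping and encoding solve different problems: strip_tags() changes the data and is appropriate only when markup is never wanted, while encoding at output preserves the data and protects the HTML context regardless of what was stored.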
Validate an IP Address
The PHP filter function can do this job for us. Let’s see the example.
Code:
<?php
$ip_address = "172.16.254.1:40";
// FILTER_VALIDATE_IP checks the syntax of an IPv4 or IPv6 address;
// a trailing port is not part of an address
if (filter_var($ip_address, FILTER_VALIDATE_IP)) {
    echo "The <b>$ip_address</b> is a valid one."; // valid
} else {
    echo "The <b>$ip_address</b> is not a valid input"; // invalid
}
?>
Output:
Sanitizing and validating an email address
Code:
<?php
$email_address = "someone@@testmail.com";
echo "Before Sanitizing: " . $email_address . "<br>";
if (filter_var($email_address, FILTER_VALIDATE_EMAIL)) {
    echo "The <b>$email_address</b> is a valid one."; // valid
} else {
    echo "The <b>$email_address</b> is not a valid input"; // invalid
}
echo "<br>";
// FILTER_SANITIZE_EMAIL removes characters not permitted in an address
echo "After Sanitizing: " . filter_var($email_address, FILTER_SANITIZE_EMAIL);
?>
In the above example, the email address is invalid, as the validation filter reports. The second call applies FILTER_SANITIZE_EMAIL, which removes every character that is not permitted in an email address; the sanitized value should itself be validated again before it is used.
Output:
Code:
<?php
$email_address = "[email protected]";
if (filter_var($email_address, FILTER_VALIDATE_EMAIL)) {
    echo "The <b>$email_address</b> is a valid one."; // valid
} else {
    echo "The <b>$email_address</b> is not a valid input"; // invalid
}
?>
In the above example PHP code, we check whether the email is valid.
Output:
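The two email examples validate and sanitize separately. The following function, added here and not part of the original article, combines them in the order a practitioner would use: validate first, sanitize only as a repair step, and validate the repaired value again before accepting it. The cleanEmail() name and the sample addresses are constructed for the example.

```php
<?php
// Added example, not part of the original article: validate first, sanitize
// only as a repair step, and validate again before trusting the result.
// Sanitizing strips characters that are not allowed in an address; it does
// not guarantee that what remains is a valid (or the intended) address.
function cleanEmail(string $input): ?string
{
    $valid = filter_var($input, FILTER_VALIDATE_EMAIL);
    if ($valid !== false) {
        return $valid;                       // already valid: use as given
    }
    $sanitized   = filter_var($input, FILTER_SANITIZE_EMAIL);
    $revalidated = filter_var($sanitized, FILTER_VALIDATE_EMAIL);
    return $revalidated === false ? null : $revalidated;   // null = reject
}

// Constructed inputs.
$samples = [
    'someone@testmail.com',    // valid as given
    ' someone@testmail.com ',  // surrounding spaces are stripped, then it validates
    'someone@@testmail.com',   // the article's value: '@' is a permitted character,
                               // so sanitizing keeps both and the result still fails
    'some one@testmail.com',   // the space is stripped, producing a DIFFERENT valid
                               // address: sanitizing silently rewrites the input
];
foreach ($samples as $s) {
    printf("%-26s => %s\n", var_export($s, true), cleanEmail($s) ?? 'REJECTED');
}
```

The last sample is the reason to prefer rejection over repair for anything security-relevant: a sanitizer can turn an invalid string into a valid address that the user never typed, so a value that only becomes valid after sanitizing deserves confirmation rather than silent acceptance.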
Sanitize and Validate the URL
In this example, we check whether an input URL is valid and, if it is not, sanitize it by stripping the characters that are not permitted in a URL.
Code:
<?php
// The path contains non-ASCII characters, which are not permitted in a URL
$URL = "https://www.educba.com/��courses�";
echo "Before Sanitizing: " . $URL . "<br>";
if (filter_var($URL, FILTER_VALIDATE_URL)) {
    echo "The <b>$URL</b> is a valid one."; // valid
} else {
    echo "The <b>$URL</b> is not a valid input"; // invalid
}
echo "<br>";
// FILTER_SANITIZE_URL removes the characters a URL may not contain
echo "After Sanitizing: " . filter_var($URL, FILTER_SANITIZE_URL);
?>
Output:
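Both the IP example and the URL example above check syntax only. The following script, added here and not part of the original article, covers both sections: for IP addresses it adds the range flags that reject private and reserved addresses, and for URLs it adds an explicit scheme allowlist, since FILTER_VALIDATE_URL accepts any scheme that has a host. The function names isPublicIp() and isAllowedWebUrl() and the sample inputs are constructed for the example.

```php
<?php
// Added example, not part of the original article. The two filters used
// above check syntax only; when the value names something the server will
// later connect to, the extra checks shown here are needed.

// IP section: besides syntax, reject private (10/8, 172.16/12, 192.168/16)
// and reserved (loopback, link-local, ...) ranges. Constructed helper name.
function isPublicIp(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// URL section: FILTER_VALIDATE_URL accepts any scheme, so allowlist the
// schemes the application actually expects. Constructed helper name.
function isAllowedWebUrl(string $url): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;                               // bad syntax or illegal characters
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

// Constructed inputs.
$ips = [
    '172.16.254.1:40', // the article's value: a port is not part of an address
    '172.16.254.1',    // syntactically valid, but private (172.16.0.0/12)
    '127.0.0.1',       // reserved (loopback)
    '::1',             // IPv6 loopback, also reserved
    '8.8.8.8',         // public
];
foreach ($ips as $ip) {
    printf("%-18s public=%s\n", $ip, isPublicIp($ip) ? 'yes' : 'no');
}

$urls = [
    'https://www.educba.com/courses',   // allowed
    'ftp://www.educba.com/pub',         // valid URL, but the scheme is not on the list
    'javascript:alert(1)',              // rejected: no host, and the scheme is not on the list
    'https://www.educba.com/�courses',  // the article's value: non-ASCII bytes fail validation
];
foreach ($urls as $u) {
    printf("%-36s allowed=%s\n", $u, isAllowedWebUrl($u) ? 'yes' : 'no');
}
```

The range flags matter whenever a user-supplied address or URL is fetched by the server itself, because a syntactically valid value can still point at loopback or internal infrastructure; syntax validation alone does not express that policy.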
We should use PHP filters to validate or sanitize user input; this way, we can reject dangerous input. The various PHP filter functions validate user input and other values, and sanitizing cleans a value (whether user input or a directly assigned one). We should always sanitize cookie data before processing it.
The above is the detailed content of PHP Filters. For more information, please follow other related articles on the PHP Chinese website!