Effective data validation is crucial for secure and robust web forms. Invalid data can create security vulnerabilities and website malfunctions. This tutorial demonstrates how PHP's filter_var function efficiently sanitizes and validates user inputs, preventing these issues.
Many developers find hand-written data validation tedious. Fortunately, PHP offers a streamlined solution.
The filter_var Function:
PHP's filter_var function simplifies the process. Its syntax is:
filter_var( mixed $value, int $filter = FILTER_DEFAULT, array|int $options = 0 ): mixed
$value: The data to be filtered.
$filter: The filter ID (e.g., FILTER_SANITIZE_EMAIL, FILTER_VALIDATE_INT).
$options: Optional parameters for filter customization.
filter_var returns FALSE on filter failure.
Email Sanitization:
The FILTER_SANITIZE_EMAIL filter removes characters that are not permitted in an email address (everything except letters, digits and !#$%&'*+-=?^_`{|}~@.[]). For example:
$email = "test\"';DROP TABLE users;--@example.com";
$sanitizedEmail = filter_var($email, FILTER_SANITIZE_EMAIL);
echo $sanitizedEmail; // Outputs: test'DROPTABLEusers--@example.com (the double quote, semicolons and spaces are removed; permitted characters such as ' and - survive)
URL Sanitization:
Similarly, FILTER_SANITIZE_URL cleans URLs of characters that are not allowed in a URL:
$url = "http://example.com/?param=<...>"; // the sample payload shown here was lost in extraction
$sanitizedUrl = filter_var($url, FILTER_SANITIZE_URL);
echo $sanitizedUrl; // Outputs: http://example.com/?param= (script removed)
Validation with filter_var:
IP Address Validation:
$ip = "127.0.0.1";
if (filter_var($ip, FILTER_VALIDATE_IP)) {
    // Valid IP address
} else {
    // Invalid IP address
}
Integer Validation:
$foo = "123";
// Compare with !== false: the filter returns the integer itself on success, and "0" would
// otherwise be treated as invalid because 0 is falsy.
if (filter_var($foo, FILTER_VALIDATE_INT) !== false) {
    // Valid integer
} else {
    // Invalid integer
}
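The following is an added example, not code from the original tutorial. It contrasts the sanitize filters with the validate filters on constructed inputs and shows the options and flags that make validation strict enough to act on: the !== false comparison, range options, FILTER_NULL_ON_FAILURE, the private/reserved IP flags, and an explicit scheme check for URLs. The validHttpUrl helper and every sample value are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the original tutorial. It contrasts the
// sanitize filters with the validate filters on constructed inputs and
// shows the options and flags that make validation strict enough to rely on.

// Sanitizing only strips characters outside the filter's allowed set; it does
// not decide whether what is left is a usable value, and it is not a defense
// for any later context (use prepared statements for SQL, htmlspecialchars for HTML).
$raw = "test\"';DROP TABLE users;--@example.com";    // constructed input
echo filter_var($raw, FILTER_SANITIZE_EMAIL), "\n";   // test'DROPTABLEusers--@example.com

// Validation returns the (converted) input on success and false on failure, so
// compare with !== false: a truthiness check silently rejects legitimate 0.
var_dump(filter_var("0", FILTER_VALIDATE_INT));            // int(0)
var_dump((bool) filter_var("0", FILTER_VALIDATE_INT));     // bool(false), the trap
var_dump(filter_var("0", FILTER_VALIDATE_INT) !== false);  // bool(true)

// Range check through the options array: "150" is rejected, "42" becomes int 42.
$ageOptions = ['options' => ['min_range' => 0, 'max_range' => 120]];
var_dump(filter_var("150", FILTER_VALIDATE_INT, $ageOptions)); // bool(false)
var_dump(filter_var("42", FILTER_VALIDATE_INT, $ageOptions));  // int(42)

// FILTER_NULL_ON_FAILURE keeps a failed parse distinguishable from a valid false.
var_dump(filter_var("maybe", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)); // NULL
var_dump(filter_var("off", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));   // bool(false)

// IP validation can exclude private and reserved ranges, which matters when a
// user-supplied address is later used as the target of an outbound request.
$strictIp = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
var_dump(filter_var("192.168.1.10", FILTER_VALIDATE_IP, $strictIp)); // bool(false)
var_dump(filter_var("203.0.113.5", FILTER_VALIDATE_IP, $strictIp));  // string(11) "203.0.113.5"

// FILTER_VALIDATE_URL checks syntax, not the scheme, so a link that will be
// stored or displayed should additionally be restricted to http(s).
// validHttpUrl is a helper written for this example.
function validHttpUrl(string $input): ?string
{
    $url = filter_var($input, FILTER_VALIDATE_URL);
    if ($url === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}
var_dump(validHttpUrl("https://example.com/page?id=7"));        // string(29) "https://example.com/page?id=7"
var_dump(validHttpUrl("javascript://example.com/%0Aalert(1)")); // NULL
```

Run it from the command line with php; each var_dump line shows the value the surrounding comment states. The sanitized email on the first line is a reminder that a sanitize filter only removes characters it does not recognise, so validation and context-specific escaping are still required afterwards.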
Let's build a simple email submission form to illustrate data sanitization and validation. The form collects: name, email, homepage, and message. Only valid data triggers email submission.
Step 1: Creating the Form (form.html):
<form method="post" action="form-email.php">
    Name: <input type="text" name="name"><br><br>
    Email Address: <input type="email" name="email"><br><br>
    Home Page: <input type="url" name="homepage"><br><br>
    Message: <textarea name="message"></textarea><br><br>
    <input type="submit" name="Submit" value="Send">
</form>
Step 2: Handling Form Submission (form-email.php):
<?php
$errors = "";
if (isset($_POST['Submit'])) {
    // ... (Validation and sanitization logic as shown in original example) ...
    if (empty($errors)) {
        // Send email using mail() function with sanitized data
        echo "Thank you for your message!";
    } else {
        echo "Errors: <br>" . $errors;
    }
}
?>
(Note: The complete validation and sanitization logic from the original example should be inserted into the if (isset($_POST['Submit'])) block in form-email.php.)
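Because the tutorial's own validation block is not reproduced above, here is a complete form-email.php written as an added example; it is not the original tutorial's code. It uses the field names from form.html (name, email, homepage, message, Submit). The helper names validateContactForm and buildMail, the length limits, and the recipient address are assumptions for the demonstration. The point it adds to the text is that the validate filters, not the sanitize filters, are what make a decision, and that FILTER_VALIDATE_EMAIL rejecting line breaks is what keeps the user's address safe to place in a mail header.

```php
<?php
// Added example of a complete form-email.php; not the original tutorial's code.
// Field names match form.html. Limits and recipient are assumptions.

const RECIPIENT = 'webmaster@example.com'; // placeholder recipient

/**
 * Validates the submitted fields and returns the cleaned values plus an
 * error list. Decisions are made with validate filters on what the user sent;
 * escaping for HTML is left to output time.
 */
function validateContactForm(array $post): array
{
    $errors = [];
    $data   = [];

    // Name: required, single line, bounded length (bytes).
    $name = trim((string) ($post['name'] ?? ''));
    if ($name === '' || strlen($name) > 100 || preg_match('/[\r\n]/', $name)) {
        $errors[] = 'Please enter a name (up to 100 characters, single line).';
    } else {
        $data['name'] = $name;
    }

    // Email: FILTER_VALIDATE_EMAIL returns false for anything that is not one
    // well-formed address, including values containing CR/LF, so the address
    // used in the Reply-To header below cannot smuggle extra headers.
    $email = filter_var(trim((string) ($post['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'Please enter a valid email address.';
    } else {
        $data['email'] = $email;
    }

    // Homepage: optional; when present it must be an http(s) URL.
    $homepage = trim((string) ($post['homepage'] ?? ''));
    if ($homepage === '') {
        $data['homepage'] = '';
    } else {
        $url = filter_var($homepage, FILTER_VALIDATE_URL);
        $scheme = $url === false ? '' : strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if ($url === false || !in_array($scheme, ['http', 'https'], true)) {
            $errors[] = 'Home page must be a valid http or https URL.';
        } else {
            $data['homepage'] = $url;
        }
    }

    // Message: required, bounded length (bytes).
    $message = trim((string) ($post['message'] ?? ''));
    if ($message === '' || strlen($message) > 2000) {
        $errors[] = 'Please enter a message of up to 2000 characters.';
    } else {
        $data['message'] = $message;
    }

    return ['data' => $data, 'errors' => $errors];
}

/** Builds the mail parts from validated data; sending is done by the caller. */
function buildMail(array $data): array
{
    $body = "Name: {$data['name']}\nEmail: {$data['email']}\n"
          . "Home page: {$data['homepage']}\n\n{$data['message']}\n";
    // The validated address is the only user-controlled value in the headers.
    $headers = "From: noreply@example.com\r\nReply-To: {$data['email']}\r\n";
    return ['to' => RECIPIENT, 'subject' => 'Contact form', 'body' => $body, 'headers' => $headers];
}

if (PHP_SAPI === 'cli') {
    // Constructed submission so the example can be run from the command line;
    // the email field carries a header-injection attempt and is rejected.
    $result = validateContactForm([
        'name'     => 'Alice',
        'email'    => "alice@example.com\r\nBcc: someone-else@example.net",
        'homepage' => 'https://example.com',
        'message'  => 'Hello',
    ]);
    print_r($result['errors']); // Array ( [0] => Please enter a valid email address. )
} elseif (isset($_POST['Submit'])) {
    $result = validateContactForm($_POST);
    if ($result['errors'] === []) {
        $mail = buildMail($result['data']);
        mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
        echo 'Thank you for your message!';
    } else {
        // Escape before echoing so nothing reflected to the browser becomes markup.
        echo 'Errors:<br>', implode('<br>', array_map('htmlspecialchars', $result['errors']));
    }
}
```

Running php form-email.php prints the single error from the constructed submission; served behind form.html it handles the real POST. Validation is done before any sanitizing so that the accept/reject decision is made on the actual input, and htmlspecialchars is applied only where a value is echoed into HTML.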
This tutorial provides a foundation for using PHP's data filtering capabilities. While not exhaustive, it showcases the efficiency of filter_var for secure and reliable data handling. Refer to the PHP manual's Data Filtering section for more advanced techniques. The image was generated using OpenAI's DALL-E 2.
The above is the detailed content of Sanitize and Validate Data With PHP Filters.