This site is mobile accessible. Press the "Tap Here" button to use a different font-size.

Smartphone icons created by Freepik - Flaticon

6.9 PHP Filters

Validating data = Determine if the data is in proper form.
Sanitizing data = Remove any illegal character from the data.

The PHP Filter Extension

PHP filters are used to validate and sanitize external input.
The PHP filter extension has many of the functions needed for checking user input, and is designed to make data validation easier and quicker.
The filter_list() function can be used to list what the PHP filter extension offers:

Example 1: PHP - The Filter Extension

<table>
  <tr>
    <td>Filter Name</td>
    <td>Filter ID</td>
  </tr>
  <?php
  foreach (filter_list() as $id =>$filter) {
    echo '<tr><td>' . $filter . '</td><td>' . filter_id($filter) . '</td></tr>';
  }
  ?>
</table>

Why Use Filters?

Many web applications receive external input. External input/data can be:
- User input from a form
- Cookies
- Web services data
- Server variables
- Database query results
You should always validate external data!
Invalid submitted data can lead to security problems and break your webpage!
By using PHP filters you can be sure your application gets the correct input!

PHP filter_var() Function

The filter_var() function both validate and sanitize data.
The filter_var() function filters a single variable with a specified filter. It takes two pieces of data:
- The variable you want to check
- The type of check to use

Sanitize a String

The following example uses the filter_var() function to remove all HTML tags from a string:

Example 2: PHP Filters - Sanitize a String

<?php
$str = "<h1>Hello World!</h1>";
$newstr = filter_var($str, FILTER_SANITIZE_STRING);
echo $newstr;
?>

Validate an Integer

The following example uses the filter_var() function to check if the variable $int is an integer. If $int is an integer, the output of the code below will be: "Integer is valid". If $int is not an integer, the output will be: "Integer is not valid":

Example 3: PHP Filters - Validate an Integer

<?php
$int = 100;

if (!filter_var($int, FILTER_VALIDATE_INT) === false) {
  echo("Integer is valid");
} else {
  echo("Integer is not valid");
}
?>

Tip: filter_var() and Problem With 0

In the example above, if $int was set to 0, the function above will return "Integer is not valid". To solve this problem, use the code below:

Example 4: PHP Filters - filter_var() and Problem With 0

<?php
$int = 0;

if (filter_var($int, FILTER_VALIDATE_INT) === 0 || !filter_var($int, FILTER_VALIDATE_INT) === false) {
  echo("Integer is valid");
} else {
  echo("Integer is not valid");
}
?>

Validate an IP Address

The following example uses the filter_var() function to check if the variable $ip is a valid IP address:

Example 5: PHP Filters - Validate an IP Address

<?php
$ip = "127.0.0.1";

if (!filter_var($ip, FILTER_VALIDATE_IP) === false) {
  echo("$ip is a valid IP address");
} else {
  echo("$ip is not a valid IP address");
}
?>

Sanitize and Validate an Email Address

The following example uses the filter_var() function to first remove all illegal characters from the $email variable, then check if it is a valid email address:

Example 6: PHP Filters - Sanitize and Validate an Email Address

<?php
$email = "john.doe@example.com";

// Remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);

// Validate e-mail
if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
  echo("$email is a valid email address");
} else {
  echo("$email is not a valid email address");
}
?>

Sanitize and Validate a URL

The following example uses the filter_var() function to first remove all illegal characters from a URL, then check if $url is a valid URL:

Example 7: PHP Filters - Sanitize and Validate a URL

<?php
$url = "https://www.w3schools.com";

// Remove all illegal characters from a url
$url = filter_var($url, FILTER_SANITIZE_URL);

// Validate url
if (!filter_var($url, FILTER_VALIDATE_URL) === false) {
  echo("$url is a valid URL");
} else {
  echo("$url is not a valid URL");
}
?>

Complete PHP Filter Reference

For a complete reference of all filter functions, go to W3Schools.com complete PHP Filter Reference. Check each filter to see what options and flags are available.
The reference contains a brief description, and examples of use, for each function!

PHP Fundamentals course home
Module 6. PHP Advanced

Navigate this module

Eventually the navigation links, above, will be replaced by these << (previous) and >> (next) buttons below.

Animated PHP icons used in the buttons provided by ICONS8.COM. Smartphone icons created by Freepik - Flaticon

Module 6 quiz

Example files created in this module:
The PHP Date() Function - Get a Date The PHP Date() Function - Automatic Copyright Year The PHP Date() Function - Get a Time The PHP Date() Function - Get Your Time Zone The PHP Date() Function - Create a Date With mktime() The PHP Date() Function - Create a Date From a String With strtotime() part 1 The PHP Date() Function - Create a Date From a String With strtotime()part 2 The PHP Date() Function - Create Dates From Strings With strtotime() The PHP Date() Function - Count The Number of Days To July 4 With strtotime() PHP Include Files - PHP include Example part 1 PHP Include Files - PHP include Example part 2 PHP Include Files - PHP include Example part 3 PHP Include Files - PHP include Example part 4 PHP Include Files - PHP require Example readfile() fopen() fgets() feof() fgetc() PHP File Handling - PHP readfile() Function PHP File Open/Read - PHP Open File - fopen() PHP File Open/Read - fgets() Read Single Line PHP File Open/Read - feof() Check End-Of-File PHP File Open/Read - fgetc() Read Single Character PHP File Upload PHP Cookies - Create/Retrieve a Cookie PHP Cookies - Modify a Cookie Value PHP Cookies - Delete a Cookie PHP Cookies - Check if Cookies are Enabled PHP Sessions - Start a PHP Session PHP Sessions - Get PHP Session Variable Values part 1 PHP Sessions - Get PHP Session Variable Values part 2 PHP Sessions - Modify a PHP Session Variable PHP Sessions - Destroy a PHP Session PHP Filters - The PHP Filter Extension PHP Filters - Sanitize a String PHP Filters - Validate an Integer PHP Filters - filter_var() and Problem With 0 PHP Filters - Validate an IP Address PHP Filters - Sanitize and Validate an Email Address PHP Filters - Sanitize and Validate a URL PHP Filters Advanced - Validate an Integer Within a Range PHP Filters Advanced - Validate IPv6 Address PHP Filters Advanced - Validate URL That Must Contain QueryString PHP Filters Advanced - Remove Characters With ASCII Value > 127 PHP Callback Functions PHP Callback Functions - Anonymous Function PHP Callback Functions - Callbacks in User Defined Functions PHP and JSON - json_encode() part 1 PHP and JSON - json_encode() part 2 PHP and JSON - json_decode() part 1 PHP and JSON - json_decode() part 2 PHP and JSON - Accessing the Decoded Values part 1 PHP and JSON - Accessing the Decoded Values part 2 PHP and JSON - Looping Through the Values part 1 PHP and JSON - Looping Through the Values part 2 PHP Exceptions - Throwing an Exception PHP Exceptions - The try...catch Statement PHP Exceptions - The try...catch...finally Statement part 1 PHP Exceptions - The try...catch...finally Statement part 2 PHP Exceptions - The Exception Object