HTML CSS JAVASCRIPT SQL PYTHON JAVA PHP HOW TO W3.CSS C C++ C# BOOTSTRAP REACT MYSQL JQUERY EXCEL XML DJANGO NUMPY PANDAS NODEJS DSA TYPESCRIPT ANGULAR GIT POSTGRESQL MONGODB ASP AI R GO KOTLIN SASS VUE GEN AI SCIPY CYBERSECURITY DATA SCIENCE INTRO TO PROGRAMMING BASH RUST 

PHP Filters
Validating data = Determine if the data is in proper form.

Sanitizing data = Remove any illegal character from the data.

The PHP Filter Extension
PHP filters are used to validate and sanitize external input.

The PHP filter extension has many of the functions needed for checking user input, and is designed to make data validation easier and quicker.

The filter_list() function can be used to list what the PHP filter extension offers:

ExampleGet your own PHP Server
<table>
  <tr>
    <td>Filter Name</td>
    <td>Filter ID</td>
  </tr>
  <tr><td>int</td><td>257</td></tr><tr><td>boolean</td><td>258</td></tr><tr><td>float</td><td>259</td></tr><tr><td>validate_regexp</td><td>272</td></tr><tr><td>validate_domain</td><td>277</td></tr><tr><td>validate_url</td><td>273</td></tr><tr><td>validate_email</td><td>274</td></tr><tr><td>validate_ip</td><td>275</td></tr><tr><td>validate_mac</td><td>276</td></tr><tr><td>string</td><td>513</td></tr><tr><td>stripped</td><td>513</td></tr><tr><td>encoded</td><td>514</td></tr><tr><td>special_chars</td><td>515</td></tr><tr><td>full_special_chars</td><td>522</td></tr><tr><td>unsafe_raw</td><td>516</td></tr><tr><td>email</td><td>517</td></tr><tr><td>url</td><td>518</td></tr><tr><td>number_int</td><td>519</td></tr><tr><td>number_float</td><td>520</td></tr><tr><td>add_slashes</td><td>523</td></tr><tr><td>callback</td><td>1024</td></tr></table>
Why Use PHP Filters?
Many web applications receive external input. External input/data can be:

User input from a form
Cookies
Web services data
Server variables
Database query results
You should always validate external data!
Invalid submitted data can lead to security problems and break your webpage!
By using PHP filters you can be sure your application gets the correct input!

ADVERTISEMENT

PHP filter_var() Function
The filter_var() function both validate and sanitize data.

The filter_var() function filters a single variable with a specified filter. It takes two pieces of data:

The variable you want to check
The type of check to use
Sanitize a String
The following example uses the filter_var() function to remove all HTML tags from a string:

Example
Hello World!Validate an Integer
The following example uses the filter_var() function to check if the variable $int is an integer. If $int is an integer, the output of the code below will be: "Integer is valid". If $int is not an integer, the output will be: "Integer is not valid":

Example
Integer is validTip: filter_var() and Problem With 0
In the example above, if $int was set to 0, the function above will return "Integer is not valid". To solve this problem, use the code below:

Example
Integer is validValidate an IP Address
The following example uses the filter_var() function to check if the variable $ip is a valid IP address:

Example
127.0.0.1 is a valid IP addressSanitize and Validate an Email Address
The following example uses the filter_var() function to first remove all illegal characters from the $email variable, then check if it is a valid email address:

Example
john.doe@example.com is a valid email address