filter_var() function.
filter_var(variable, filter, options)
This function takes three parameters, of which the last two are optional.
filter_var() function to remove all HTML tags from a string:
<!DOCTYPE html>
<html>
<head>
<title>Sanitize a String in PHP</title>
</head>
<body>
<?php
// Sample comment
$filter_mesg = "<h1>Hi, Welcome to Free Time Learning..!</h1>";
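// Sanitize and print comment string
// (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; escape output with htmlspecialchars() instead)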
$sanitized_comment = filter_var($filter_mesg, FILTER_SANITIZE_STRING);
echo $sanitized_comment;
?>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<title>Validate an Integer</title>
</head>
<body>
<?php
// Integer value
$int = 27;
// Validate sample integer value
if(filter_var($int, FILTER_VALIDATE_INT)){
echo "The <b>$int</b> is a valid integer";
} else {
echo "The <b>$int</b> is not a valid integer";
}
?>
</body>
</html>
If $int is set to 0, the example code will return "Integer is not valid", because filter_var() returns the integer 0 and the if statement treats it as false. To fix this problem, you need to explicitly test for the value 0, as in the following example:
<!DOCTYPE html>
<html>
<head>
<title>Validate an Integer</title>
</head>
<body>
<?php
// integer value
$int = 0;
// Sample validate integer value
if(filter_var($int, FILTER_VALIDATE_INT) === 0 || filter_var($int, FILTER_VALIDATE_INT)){
echo "The <b>$int</b> is a valid integer";
} else {
echo "The <b>$int</b> is not a valid integer";
}
?>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<title>Validate an IP Address</title>
</head>
<body>
<?php
$ip = "192.160.1.80";
if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
echo("$ip is a valid IP address");
} else {
echo("$ip is not a valid IP address");
}
?>
</body>
</html>
FILTER_FLAG_IPV4 or FILTER_FLAG_IPV6 flags, respectively. Here's an example:
<!DOCTYPE html>
<html>
<head>
<title>Validate an IP Address</title>
</head>
<body>
<?php
$ip = "192.160.1.80";
if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)){
echo "<b>$ip</b> is a valid IPV6 address";
} else {
echo "<b>$ip</b> is not a valid IPV6 address";
}
?>
</body>
</html>
filter_var() function to first remove all illegal characters from the $email variable, then check if it is a valid email address:
<!DOCTYPE html>
<html>
<head>
<title>Sanitize and Validate an Email Address</title>
</head>
<body>
<?php
$email = "info@freetimelearning.com";
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
echo("<b>$email</b> is a valid email address");
} else {
echo("<b>$email</b> is not a valid email address");
}
?>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<title>Sanitize and Validate URLs</title>
</head>
<body>
<?php
$url = "http://www.freetimelearning.com";
$url = filter_var($url, FILTER_SANITIZE_URL);
if(filter_var($url, FILTER_VALIDATE_URL)){
echo "<b>$url</b> is a valid website url";
} else{
echo "<b>$url</b> is not a valid website url";
}
?>
</body>
</html>
FILTER_FLAG_QUERY_REQUIRED, as shown in the following example:
<!DOCTYPE html>
<html>
<head>
<title>Sanitize and Validate URLs</title>
</head>
<body>
<?php
$url = "http://www.example.com?php=filters";
if(filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED)){
echo "<b>$url</b> contains query string";
} else{
echo "<b>$url</b> does not contain query string";
}
?>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<title>Validate an Integer Within a Range</title>
</head>
<body>
<?php
$int = 80;
$min = 1;
$max = 140;
if (filter_var($int, FILTER_VALIDATE_INT, array("options" => array("min_range"=>$min, "max_range"=>$max))) === false) {
echo("Variable value is not within the range of 1 to 140");
} else {
echo("Variable value is within the range of 1 to 140");
}
?>
</body>
</html>
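The validation filters above, combined into one strict routine. This is an added example, not code from the original tutorial. It generalizes the zero check to every filter by comparing against false with ===, restricts URLs to http/https, and escapes values on output. The function name validate_fields(), the field names and the sample input are hypothetical.

```php
<?php
// Added example: strict (=== false) checks so valid-but-falsy values such as 0 pass.
// validate_fields() and the sample $input are hypothetical names/values for illustration.

function validate_fields(array $input): array
{
    $rules = [
        'age'  => [FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 140]]],
        'ip'   => [FILTER_VALIDATE_IP, ['flags' => FILTER_FLAG_IPV4]],
        'mail' => [FILTER_VALIDATE_EMAIL, []],
        'site' => [FILTER_VALIDATE_URL, []],
    ];
    $clean = [];
    $errors = [];
    foreach ($rules as $field => [$filter, $options]) {
        $value = filter_var($input[$field] ?? '', $filter, $options);
        // Compare with === false: FILTER_VALIDATE_INT returns int 0 for "0",
        // which a loose if() would treat as a failure.
        if ($value === false) {
            $errors[] = $field;
            continue;
        }
        $clean[$field] = $value;
    }
    // FILTER_VALIDATE_URL accepts any scheme, so restrict to http/https here.
    if (isset($clean['site'])) {
        $scheme = strtolower((string) parse_url($clean['site'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            unset($clean['site']);
            $errors[] = 'site';
        }
    }
    return [$clean, $errors];
}

// Constructed sample input, as it might arrive from a form.
$input = [
    'age'  => '0',
    'ip'   => '192.160.1.80',
    'mail' => 'info@freetimelearning.com',
    'site' => 'ftp://www.example.com/',
];
[$clean, $errors] = validate_fields($input);

// Escape on output; validation does not make a value safe to print as HTML.
foreach ($clean as $field => $value) {
    echo htmlspecialchars("$field = $value", ENT_QUOTES, 'UTF-8'), "\n";
}
echo 'Rejected: ', implode(', ', $errors), "\n";
```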