Google News
logo
PHP Filters
PHP filters are used to validate and sanitize external input. The Filters are used most common tasks in a web application.

Validating data : Determine if the data is in proper form.
Sanitizing data :  Remove any illegal character from the data.

To make this task easier PHP provides native filter extension that you can use to sanitize or validate data such as  input, e-mail addresses, URLs, IP addresses, etc.
To validate data using filter extension you need to use the PHP's filter_var() function. 
Syntax

filter_var(variable, filter, options)

This function takes three parameters out of which the last two are optional.

  • The first parameter is the value to be filtered
  • The second parameter is the ID of the filter to apply
  • The third parameter is the array of options related to filter.
Sanitize a String
The following example uses the filter_var() function to remove all HTML tags from a string :
<!DOCTYPE html>
<html>
<head>
    <title>Sanitize a String in PHP</title>
</head>
<body>

<?php
// Sample comment
$filter_mesg = "<h1>Hi, Welcome to Free Time Learning..!</h1>";
 
// Sanitize and print comment string
$sanitized_comment = filter_var($filter_mesg, FILTER_SANITIZE_STRING);
echo $sanitized_comment;
?>

</body>
</html>
Output :
Validate an Integer
The following example will validate whether the value is a valid integer or not.
<!DOCTYPE html>
<html>
<head>
    <title>Validate an Integer</title>
</head>
<body>

<?php
	// Integer value
	 $int = 27;
	 
	// Validate sample integer value
	if(filter_var($int, FILTER_VALIDATE_INT)){
		echo "The <b>$int</b> is a valid integer";
	} else {
		echo "The <b>$int</b> is not a valid integer";
	}
?> 

</body>
</html>
Output :
In the above example, if variable $int is set to 0, the example code will return "Integer is not valid". To fix this problem, you need to explicitly test for the value 0, as following example :
<!DOCTYPE html>
<html>
<head>
    <title>Validate an Integer</title>
</head>
<body>

<?php
// integer value
$int = 0;
 
// Sample validate integer value
if(filter_var($int, FILTER_VALIDATE_INT) === 0 || filter_var($int, FILTER_VALIDATE_INT)){
    echo "The <b>$int</b> is a valid integer";
} else {
    echo "The <b>$int</b> is not a valid integer";
}
?>

</body>
</html>
Output :
Validate an IP Address
The following example uses the filter_var() function to check if the variable $ip is a valid IP address:
<!DOCTYPE html>
<html>
<head>
    <title>Validate an IP Address</title>
</head>
<body>

<?php
$ip = "192.160.1.80";

if (!filter_var($ip, FILTER_VALIDATE_IP) === false) {
    echo("$ip is a valid IP address");
} else {
    echo("$ip is not a valid IP address");
}
?>

</body>
</html>
Output :
The php validate an ip addresses for IPV4 or IPV6 IP addresses by using the FILTER_FLAG_IPV4 or FILTER_FLAG_IPV6 flags, respectively. Here's an example :
<!DOCTYPE html>
<html>
<head>
    <title>Validate an IP Address</title>
</head>
<body>

<?php
$ip = "192.160.1.80";

if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)){
    echo "<b>$ip</b> is a valid IPV6 address";
} else {
    echo "<b>$ip</b> is not a valid IPV6 address";
}
?>

</body>
</html>
Output :
Sanitize and Validate Email Addresses
The following example uses the filter_var() function to first remove all illegal characters from the $email variable, then check if it is a valid email address :
<!DOCTYPE html>
<html>
<head>
    <title>Sanitize and Validate an Email Address</title>
</head>
<body>

<?php
	$email = "info@freetimelearning.com";
	
	$email = filter_var($email, FILTER_SANITIZE_EMAIL);
	
	if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
		echo("<b>$email</b> is a valid email address");
	} else {
		echo("<b>$email</b> is not a valid email address");
	}
?>

</body>
</html>
Output :
Sanitize and Validate URLs
The following example uses the filter_var() function to first remove all illegal characters from a URL, then check if $url is a valid URL :
<!DOCTYPE html>
<html>
<head>
    <title>Sanitize and Validate URLs</title>
</head>
<body>

<?php
	$url = "http://www.freetimelearning.com";

	$url = filter_var($url, FILTER_SANITIZE_URL);
	 
	if(filter_var($url, FILTER_VALIDATE_URL)){
		echo "<b>$url</b> is a valid website url";
	} else{
		echo "<b>$url</b> is not a valid website url";
	}
?>

</body>
</html>
Output :
Sanitize and Validate URLs contains query string or not by using the flag FILTER_FLAG_QUERY_REQUIRED, as shown in the following example :
<!DOCTYPE html>
<html>
<head>
    <title>Sanitize and Validate URLs</title>
</head>
<body>

<?php
	$url = "http://www.example.com?php=filters";
	 
	if(filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED)){
		echo "<b>$url</b> contains query string";
	} else{
		echo "<b>$url</b> does not contain query string";
	}
?>
</body>
</html>
Output :
Validate an Integer Within a Range
The following example uses the filter_var() function to check if a variable is both of type INT, and between 1 and 140 :
<!DOCTYPE html>
<html>
<head>
    <title>Validate an Integer Within a Range</title>
</head>
<body>

<?php
	$int = 80;
	$min = 1;
	$max = 140;
	
	if (filter_var($int, FILTER_VALIDATE_INT, array("options" => array("min_range"=>$min, "max_range"=>$max))) === false) {
		echo("Variable value is not within the range of 1 to 140");
	} else {
		echo("Variable value is within the range of 1 to 140");
	}
?>

</body>
</html>
Output :