PHP Filters

PHP filters validate and sanitize data that comes from external sources such as user input. A web application receives many kinds of external data: form input, cookies, web service responses, server variables, database query results, and so on. Invalid submitted data can cause security problems and break the application; by using PHP filters we can make sure the application only works with the input it expects.

PHP Filter Functions

Since PHP 5.2.0 the filter functions are enabled by default, which means we can use them directly in our code without installing anything extra. The functions are listed below:

| Function | Description |
|---|---|
| filter_var() | Filters a variable with a specified filter. |
| filter_input() | Gets a specific external variable by name and optionally filters it. |
| filter_id() | Returns the ID number of a specified filter. |
| filter_input_array() | Gets multiple external variables and optionally filters them. |
| filter_list() | Returns an array of all supported filters. |
| filter_var_array() | Gets multiple variables and optionally filters them. |
| filter_has_var() | Checks if a variable of the specified type exists. |
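The following script is an added example, not code from the original page, showing how the functions in the table fit together. It runs from the command line against a constructed array that stands in for a submitted form; in a real request the same definition array would be passed to filter_input_array(INPUT_POST, ...) instead of filter_var_array(). The field names and the option values (the age range, for instance) are assumptions made for the example.

```php
<?php
// Added example: exercising the filter function API against constructed input.
declare(strict_types=1);

// Constructed sample input standing in for a submitted form. In a real request
// these values arrive via $_POST / $_GET and are read with filter_input() or
// filter_input_array(), which read the superglobals directly.
$submitted = [
    'email' => 'alice@example.com',
    'age'   => '17',
    'site'  => 'not a url',
];

// A definition array: one filter (plus options/flags) per expected field.
// Keys missing from the input come back as null; keys that fail validation
// come back as false, so "absent" and "invalid" can be told apart.
$definition = [
    'email' => FILTER_VALIDATE_EMAIL,
    'age'   => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 18, 'max_range' => 120],
    ],
    'site'  => FILTER_VALIDATE_URL,
    'newsletter' => [
        // With FILTER_NULL_ON_FAILURE a present but non-boolean value is also
        // reported as null rather than false.
        'filter' => FILTER_VALIDATE_BOOLEAN,
        'flags'  => FILTER_NULL_ON_FAILURE,
    ],
];

$result = filter_var_array($submitted, $definition);

// Every field is reported explicitly; unknown fields in $submitted are dropped,
// which keeps unexpected parameters from reaching the rest of the application.
foreach ($result as $field => $value) {
    if ($value === false) {
        echo "$field: rejected\n";
    } elseif ($value === null) {
        echo "$field: missing\n";
    } else {
        echo "$field: ok (" . var_export($value, true) . ")\n";
    }
}

// filter_has_var() and filter_input() consult the real request data. Under the
// CLI there is no request, so the variable is reported as absent and
// filter_input() returns null instead of a filtered value.
var_dump(filter_has_var(INPUT_GET, 'page'));
var_dump(filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT));

// filter_id() maps a filter name to the numeric ID behind the constant, and
// filter_list() enumerates every filter name this PHP build supports.
var_dump(filter_id('int') === FILTER_VALIDATE_INT);
var_dump(in_array('validate_email', filter_list(), true));
```

Because filter_var_array() only returns the keys named in the definition, it doubles as an allow-list for request parameters; anything the form was not expected to send never reaches application code.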

PHP Validate Filters

The validate filters are used to validate user input.

| ID | Description |
|---|---|
| FILTER_VALIDATE_EMAIL | Validates value as an e-mail address. |
| FILTER_VALIDATE_IP | Validates value as an IP address, optionally only IPv4 or IPv6, or not from private or reserved ranges. |
| FILTER_VALIDATE_URL | Validates value as a URL, optionally with required components. |
| FILTER_VALIDATE_INT | Validates value as an integer, optionally within a specified range. |
| FILTER_VALIDATE_FLOAT | Validates value as a float. |
| FILTER_VALIDATE_BOOLEAN | Returns TRUE for "1", "true", "on" and "yes". Returns FALSE otherwise. |
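As an added example (not from the original page), the functions below wrap each validate filter with the options and flags that matter in practice. Two points the table does not spell out: a validate filter returns the filtered value on success and FALSE on failure, so the result must be compared with === (the string "0" validates as the integer 0, which is falsy), and FILTER_VALIDATE_URL accepts any scheme with a host, so a scheme allow-list is a separate step. The function names (parsePort, parsePublicIp, parseHttpUrl, parseFlag), the port range and the sample values are assumptions made for the example.

```php
<?php
// Added example: validate filters with ranges, flags, and strict result checks.
declare(strict_types=1);

/** Validate an integer in [1, 65535]; null when the text is not such a port. */
function parsePort(string $raw): ?int
{
    $port = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 65535],
    ]);
    // Compare with === false: a valid port is never 0 here, but other integer
    // fields can legitimately be 0 and must not be mistaken for failure.
    return $port === false ? null : $port;
}

/** Accept IPv4 or IPv6, but not private (RFC 1918 etc.) or reserved ranges. */
function parsePublicIp(string $raw): ?string
{
    $ip = filter_var(
        $raw,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
    return $ip === false ? null : $ip;
}

/** Require scheme, host and path, and additionally restrict scheme to http(s). */
function parseHttpUrl(string $raw): ?string
{
    $url = filter_var($raw, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED);
    if ($url === false) {
        return null;
    }
    // FILTER_VALIDATE_URL only checks the generic URL syntax (RFC 2396); an
    // ftp:// URL with a host passes it. The scheme allow-list is ours.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Three-state boolean: true, false, or null when the text is not boolean-like. */
function parseFlag(string $raw): ?bool
{
    // Without FILTER_NULL_ON_FAILURE, "maybe" and "off" would both yield false.
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}

// Constructed inputs covering the accept and reject branches of each function.
$cases = [
    'port 443'        => parsePort('443'),
    'port 70000'      => parsePort('70000'),      // outside max_range
    'port 0x1bb'      => parsePort('0x1bb'),      // hex needs FILTER_FLAG_ALLOW_HEX
    'ip 203.0.113.9'  => parsePublicIp('203.0.113.9'),
    'ip 10.0.0.1'     => parsePublicIp('10.0.0.1'),   // private range
    'ip 127.0.0.1'    => parsePublicIp('127.0.0.1'),  // reserved range
    'ip fe80::1'      => parsePublicIp('fe80::1'),    // reserved (link-local)
    'url https'       => parseHttpUrl('https://example.com/login'),
    'url no path'     => parseHttpUrl('https://example.com'),
    'url ftp'         => parseHttpUrl('ftp://example.net/pub'),
    'flag yes'        => parseFlag('yes'),
    'flag off'        => parseFlag('off'),
    'flag maybe'      => parseFlag('maybe'),
];
var_dump($cases);
```

Each wrapper converts the filter's FALSE into a typed null so that callers get a nullable int, string or bool and cannot accidentally treat a failed validation as a usable value.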

PHP Sanitize Filters

The sanitize filters are used to sanitize, that is clean, user input.

| ID | Description |
|---|---|
| FILTER_SANITIZE_EMAIL | Used to sanitize an e-mail address. |
| FILTER_SANITIZE_NUMBER_INT | Removes all characters except digits and the plus (+) and minus (-) signs. |
| FILTER_SANITIZE_NUMBER_FLOAT | Removes all characters except digits, + and -, and optionally . , e E. |
| FILTER_SANITIZE_STRING | Strips tags, optionally strips or encodes special characters. |
| FILTER_SANITIZE_ENCODED | URL-encodes the string, optionally strips or encodes special characters. |
| FILTER_SANITIZE_MAGIC_QUOTES | Applies the addslashes() function. |
| FILTER_SANITIZE_SPECIAL_CHARS | HTML-escapes '"<>& and characters with an ASCII value less than 32, optionally strips or encodes other special characters. |
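The script below is an added example, not code from the original page. It runs the sanitize filters from the table over constructed, deliberately messy input and makes the point the table leaves implicit: a sanitize filter strips or encodes characters but never rejects anything, so the cleaned value still has to be validated, and the encoding filter has to match the output context (HTML element text versus a URL component). It also uses FILTER_SANITIZE_FULL_SPECIAL_CHARS, which is not in the table but exists in PHP; the sample values are assumptions made for the example.

```php
<?php
// Added example: sanitize, then validate; encode for the context you output to.
declare(strict_types=1);

// Constructed, deliberately messy inputs.
$messy = [
    'qty'     => '12 pcs',
    'price'   => '$1,299.50',
    'email'   => 'bob <bob@example.com>',
    'comment' => "<script>alert('x')</script> & co",
    'tag'     => 'a b/c?d',
];

// Integer: everything but digits and signs is dropped. Sanitizing is not
// validating ("--5" survives untouched), so the result is validated afterwards.
$qty    = filter_var($messy['qty'], FILTER_SANITIZE_NUMBER_INT);
$qtyInt = filter_var($qty, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

// Float: '.' and ',' are kept only because the flags ask for them; the currency
// sign is dropped. The validate filter accepts the thousands separator when
// given the same flag.
$price = filter_var(
    $messy['price'],
    FILTER_SANITIZE_NUMBER_FLOAT,
    FILTER_FLAG_ALLOW_FRACTION | FILTER_FLAG_ALLOW_THOUSAND
);
$priceFloat = filter_var($price, FILTER_VALIDATE_FLOAT, FILTER_FLAG_ALLOW_THOUSAND);

// Email: the space and angle brackets are removed, which runs the display name
// into the address. The result validates as an e-mail address yet is not what
// the user typed, so for identity-bearing fields it is safer to validate the
// raw value and reject it than to sanitize it into something different.
$email   = filter_var($messy['email'], FILTER_SANITIZE_EMAIL);
$emailOk = filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

// HTML output: encode rather than strip. FILTER_SANITIZE_SPECIAL_CHARS escapes
// '"<>& and control characters; FILTER_SANITIZE_FULL_SPECIAL_CHARS is
// htmlspecialchars() with ENT_QUOTES, the usual choice for text inside an
// HTML element. The script tag is rendered as literal text, not executed.
$commentHtml = filter_var($messy['comment'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);

// URL query component: percent-encode instead, so '/', '?' and the space
// cannot change the structure of the URL they are placed into.
$tagEncoded = filter_var($messy['tag'], FILTER_SANITIZE_ENCODED);

// Two table entries to avoid in new code: FILTER_SANITIZE_STRING is deprecated
// since PHP 8.1 (stripping tags is neither reliable escaping nor validation),
// and FILTER_SANITIZE_MAGIC_QUOTES was removed in PHP 8.0 in favour of
// FILTER_SANITIZE_ADD_SLASHES. Neither is a defence for SQL: use prepared
// statements with bound parameters for that.

var_dump([
    'qty'         => $qty,
    'qty_valid'   => $qtyInt,
    'price'       => $price,
    'price_valid' => $priceFloat,
    'email'       => $email,
    'email_ok'    => $emailOk,
    'comment'     => $commentHtml,
    'tag'         => $tagEncoded,
]);
```

The pattern to take from this is sanitize-then-validate for numeric fields, validate-and-reject for identity fields such as e-mail, and context-specific encoding (HTML or URL) applied at the point of output rather than once at input time.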
