PHP Filter

PHP filters are used to validate and filter data coming from insecure sources, like user input.

The PHP filter extension is used to filter and validate any data coming from the user side or from other potentially insecure sources. It makes validation, testing, and filtering easier, all of which are essential parts of web application development.

We must filter all external data, whether it comes from the user or from any other source such as a web service, cookies, or database query results.

Example:

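<?php
$var = 12;

// filter_var() returns the filtered value on success and false on failure.
// Compare with === false: a plain ! test would reject the valid integer 0.
if (filter_var($var, FILTER_VALIDATE_INT) === false)
{
    echo "Not an integer";
}
else
{
    echo "An integer";
}
?>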


Output:

An integer

Validating and Sanitizing
Validation checks user input against strict format rules, such as those for URLs and e-mail addresses; it returns true or false as the result.

Sanitization, on the other hand, is used to allow or disallow particular characters in a string; it returns a string as the result.

Example on Validation:

Validation.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form name="temp" action="Validation.php" method="get">
Enter an Email address :<input type="text" name="mail"/><BR/>
<input type="submit" value="submit"/>
<input type="reset" value="Reset"/>
</form>
</body>
</html>

Validation.php

<?php
// Check that the parameter exists before reading it.
if (!filter_has_var(INPUT_GET, "mail"))
{
    echo "Input type does not exist";
}
else
{
    // filter_input() returns the address if it is valid, or false if it is not.
    if (filter_input(INPUT_GET, "mail", FILTER_VALIDATE_EMAIL) === false)
    {
        echo "Email address is not valid";
    }
    else
    {
        echo "Email address is valid";
    }
}
?>

Output:

Email address is not valid

If we enter the mail address as [email protected], the output is as follows:

Email address is valid

Sanitization:

PHP offers another type of filtering, called sanitization. It is useful for cleaning up input: if a user enters invalid characters, sanitization removes them.

Suppose a user types www.$B¿¬µ.com as the URL; the output will be www.B$.com. Sanitization allows us to use the special characters present on the keyboard.

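Example:

Sanitisation.php

<?php
if (!filter_has_var(INPUT_GET, "url"))
{
    echo "Input type does not exist";
}
else
{
    $url = filter_input(INPUT_GET, "url", FILTER_SANITIZE_URL);
    // FILTER_SANITIZE_URL keeps characters such as < > and ", so escape
    // the value before writing it into the HTML response.
    echo htmlspecialchars($url, ENT_QUOTES);
}
?>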

Sanitisation.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form name="temp" action="Sanitisation.php" method="get">
Enter a URL here :<input type="text" name="url"/><BR/>
<input type="submit" value="submit"/>
<input type="reset" value="Reset"/>
</form>
</body>
</html>
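
The difference between validating and sanitizing described above, as an added example that is not part of the original page: it validates integers and URLs with strict `=== false` comparisons, accepts only http/https URLs, and escapes every value on output. The helper names `valid_int`, `valid_http_url` and `h`, the integer range, and all sample inputs are assumptions made for this example.

```php
<?php
// Added example; the sample inputs below are constructed for illustration.

/** Returns the integer if $raw is an integer in [$min, $max], otherwise null. */
function valid_int(string $raw, int $min, int $max): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;   // === false keeps the valid value 0
}

/** Returns $raw if it is a well-formed http/https URL, otherwise null. */
function valid_http_url(string $raw): ?string
{
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;                    // reject; do not repair and accept
    }
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $raw : null;
}

/** Escapes a value for output into HTML; the filters above do not do this. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs.
$urls = ['https://example.com/page?id=7', 'www.$B¿¬µ.com',
         'ftp://example.com/file', 'http://example.com/?q=<b>x</b>'];
foreach ($urls as $raw) {
    $clean = filter_var($raw, FILTER_SANITIZE_URL);  // strips characters only
    $ok    = valid_http_url($raw);
    printf("raw=%s | sanitized=%s | accepted=%s\n",
        h($raw), h($clean), $ok === null ? 'no' : h($ok));
}

foreach (['0', '12', '12abc', '999'] as $raw) {
    $n = valid_int($raw, 0, 100);
    printf("%s => %s\n", h($raw), $n === null ? 'rejected' : "integer $n");
}
```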