PHP Filter
Validating and sanitizing user input data
What is PHP Filter?
The PHP Filter extension validates and sanitizes external input. Validation checks whether a value meets a requirement and rejects it otherwise; sanitization removes or encodes characters that are not allowed. Both run before the value is processed or stored, so untrusted data does not reach your application logic unchecked.
<?php
// Validate an email (example address)
$email = "[email protected]";
// Compare with false: filter_var() returns the filtered value on success
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    echo "Valid email!";
}
?>
Output:
Valid email!
Filter Types
Validate
Check if data is valid
<?php
filter_var($email, FILTER_VALIDATE_EMAIL);
?>
Sanitize
Clean and remove unsafe data
<?php
filter_var($string, FILTER_SANITIZE_STRING); // deprecated since PHP 8.1
?>
Email
Validate email addresses
<?php
FILTER_VALIDATE_EMAIL
?>
URL
Validate and sanitize URLs
<?php
FILTER_VALIDATE_URL
?>
Validating Email
Email validation ensures user input matches the syntax of an email address. FILTER_VALIDATE_EMAIL checks the structure, including the @ symbol and a domain part, and returns the email if valid or false if not. It checks syntax only; it does not verify that the domain or mailbox exists.
<?php
// Example address (syntactically valid)
$email = "[email protected]";
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    echo "Valid email address!";
} else {
    echo "Invalid email address!";
}
// Invalid example: no @ and no domain part
$bad_email = "not-an-email";
if (filter_var($bad_email, FILTER_VALIDATE_EMAIL) === false) {
    echo "\n'$bad_email' is not valid!";
}
?>
Output:
Valid email address!
'not-an-email' is not valid!
Validating URLs
URL validation confirms that a string is a well-formed URL. FILTER_VALIDATE_URL requires a scheme and, for most schemes, a host, and returns false otherwise, which catches malformed links before they are stored or followed. It does not restrict the scheme to http or https, so check the scheme separately before using a validated URL in a link or redirect.
<?php
$url = "https://www.example.com";
if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
    echo "Valid URL!";
} else {
    echo "Invalid URL!";
}
// Test invalid URL: no scheme, no host
$bad_url = "not a url";
if (filter_var($bad_url, FILTER_VALIDATE_URL) === false) {
    echo "\n'$bad_url' is invalid!";
}
?>
Output:
Valid URL!
'not a url' is invalid!
Validating Integers
Integer validation ensures numeric input is a whole number. FILTER_VALIDATE_INT returns the value as an integer, or false if it is not one; with the min_range and max_range options it also enforces a range. Because a valid 0 is falsy, compare the result with false rather than testing it for truth. Useful for ages, quantities, and any field that must hold a whole number.
<?php
$age = 25;
// Use !== false: a valid value of 0 would otherwise be treated as invalid
if (filter_var($age, FILTER_VALIDATE_INT) !== false) {
    echo "Valid integer!";
}
// Validate with range (inclusive bounds)
$options = array(
    "options" => array(
        "min_range" => 18,
        "max_range" => 100
    )
);
if (filter_var($age, FILTER_VALIDATE_INT, $options) !== false) {
    echo "\nAge is within valid range!";
}
?>
Output:
Valid integer!
Age is within valid range!
Validating IP Addresses
IP validation verifies that a string is a valid IPv4 or IPv6 address. FILTER_FLAG_IPV4 and FILTER_FLAG_IPV6 restrict the accepted format; FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE additionally reject private and reserved ranges, which matters when the address is used for access control or for outbound connections.
<?php
$ip = "192.168.1.1";
if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
    echo "Valid IP address!";
}
// Validate IPv4 only (the third argument may be a flags integer)
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
    echo "\nValid IPv4 address!";
}
// Invalid IP: each octet must be 0-255
$bad_ip = "999.999.999.999";
if (filter_var($bad_ip, FILTER_VALIDATE_IP) === false) {
    echo "\n'$bad_ip' is invalid!";
}
?>
Output:
Valid IP address!
Valid IPv4 address!
'999.999.999.999' is invalid!
Sanitizing Strings
String sanitization removes or encodes characters that could be interpreted as markup. FILTER_SANITIZE_STRING strips HTML tags (but not the text between them) and encodes quotes; it is deprecated since PHP 8.1. FILTER_SANITIZE_SPECIAL_CHARS instead HTML-encodes <, >, & and quotes, which is what stops stored text from executing as script when it is displayed. Prefer encoding at the point of output (FILTER_SANITIZE_SPECIAL_CHARS or htmlspecialchars()) over stripping, and note that sanitizing does not replace prepared statements for database queries.
<?php
$dirty = "<script>alert('XSS')</script>Hello";
// FILTER_SANITIZE_STRING (deprecated since PHP 8.1) strips the tags but keeps
// the text between them; the quotes come out as &#39; in the raw string
$clean = filter_var($dirty, FILTER_SANITIZE_STRING);
echo "Sanitized: " . $clean;
// FILTER_SANITIZE_SPECIAL_CHARS encodes < > & and quotes as entities,
// so a browser renders the tags as literal text instead of markup
$text = "Hello <b>World</b>!";
$safe = filter_var($text, FILTER_SANITIZE_SPECIAL_CHARS);
echo "\nSafe HTML: " . $safe;
?>
Output (as rendered in a browser):
Sanitized: alert('XSS')Hello
Safe HTML: Hello <b>World</b>!
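As an added example (not code from the original page), the following request validator combines the filters above with filter_var_array(): it compares results against false so a valid 0 is not rejected, allowlists the URL scheme after FILTER_VALIDATE_URL, excludes private and reserved IP ranges, and replaces the deprecated FILTER_SANITIZE_STRING with encoding at output. The field names and sample values are constructed.

```php
<?php
declare(strict_types=1);
// Validate a whole request with filter_var_array(): each field gets its own
// filter, flags and options. A failing field becomes false, a missing one null.
function validateSignup(array $input): array
{
    $definition = [
        'email' => FILTER_VALIDATE_EMAIL,
        'age' => ['filter' => FILTER_VALIDATE_INT,
                  'options' => ['min_range' => 0, 'max_range' => 120]],
        'homepage' => FILTER_VALIDATE_URL,
        // Reject private (10/8, 192.168/16, ...) and reserved (127/8, ...) ranges
        'client_ip' => ['filter' => FILTER_VALIDATE_IP,
                        'flags' => FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE],
        'display_name' => FILTER_UNSAFE_RAW, // kept raw, encoded at output below
    ];
    $result = filter_var_array($input, $definition);
    $errors = [];
    foreach ($result as $field => $value) {
        // Compare with === false: a validated age of 0 is falsy but valid.
        if ($value === false) {
            $errors[] = "$field is invalid";
        } elseif ($value === null) {
            $errors[] = "$field is missing";
        }
    }
    // FILTER_VALIDATE_URL accepts any scheme that has a host, so allowlist
    // http/https before the value is used in a link or redirect.
    if (is_string($result['homepage'])) {
        $scheme = strtolower((string) parse_url($result['homepage'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $errors[] = 'homepage must use http or https';
        }
    }
    // Replacement for the deprecated FILTER_SANITIZE_STRING: HTML-encode
    // at the point of output, so the stored value stays intact.
    $safeName = htmlspecialchars((string) $result['display_name'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return ['valid' => $errors === [], 'errors' => $errors, 'safe_display_name' => $safeName];
}

// Constructed sample request (not real user data): age 0 is valid, the ftp
// URL and the private IP are rejected, the markup in the name is encoded.
print_r(validateSignup([
    'email' => '[email protected]',
    'age' => '0',
    'homepage' => 'ftp://files.example.com/',
    'client_ip' => '10.0.0.5',
    'display_name' => '<b>Ann</b>',
]));
```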
Sanitizing URLs
URL sanitization removes characters that are not permitted in a URL. FILTER_SANITIZE_URL strips everything except letters, digits and the punctuation a URL may contain; it does not validate the result or restrict its scheme. Before storing or redirecting to a user-supplied URL, also validate it with FILTER_VALIDATE_URL and check that the scheme and host are ones you expect.
<?php
$url = "https://example.com/page?name=John Doe&age=25";
// Sanitize URL
$clean_url = filter_var($url, FILTER_SANITIZE_URL);
echo "Clean URL: " . $clean_url;
// Remove illegal characters
$bad_url = "https://example.com/