What is filter_var()?
filter_var() is a PHP function that filters a variable with a specified filter. In PHP we can use the filter_var() function to validate and sanitize data such as an email address or an IP address.
Validation means to check if the data entered by the user is in the proper format or not. For example, when validating an email we can check if ‘@’ is present or not. Validation can be performed on integers, float, string, URL, e-mail, etc.
Sanitization means to remove unnecessary or illegal characters from the data. Sanitization helps us in removing illegal characters entered by the user.
To ensure the security of your website data, you need to perform both sanitization and validation, because sanitized data is not necessarily in the proper format, and validated user input is not necessarily 100% correct.
This is where filter_var() function comes to the rescue.
Basic Syntax of filter_var() Function
filter_var ( mixed $variable [, int $filter = FILTER_DEFAULT [, mixed $options ]] ) : mixed
Parameters of filter_var() Function
Parameter | Description |
---|---|
variable | The value that needs to be filtered. Note: Scalar values are converted to string internally before being filtered. |
filter | An optional parameter that gives the name or ID of the filter to be used. If this parameter is omitted, FILTER_DEFAULT is used, which results in no filtering. |
options | Also an optional parameter. It specifies one or more flags/options to be used. Each filter has its own set of possible flags and options. |
Return Value
If successful, it returns the filtered value; otherwise it returns FALSE.
PHP filter_var() Examples
1. Sanitize and Validate an Email Address
<?php
// Variable to check
$email = "test@test.com";

// Remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);

// Validate e-mail (filter_var() returns the value on success, false on failure)
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    echo("$email is a valid email address");
} else {
    echo("$email is not a valid email address");
}
?>
Output
test@test.com is a valid email address
Code Explanation
In the above code, filter_var() function is used for sanitization and validation.
Here we have a variable ‘$email’ set equal to an email-id "test@test.com". In the next line, we used filter_var() function for sanitization. After this, we performed e-mail validation and if-else block to echo if entered e-mail id is valid or not. If it is valid "$email is a valid email address" is echoed else "$email is not a valid email address" is echoed on the screen.
2. Sanitize a String
<?php
// Variable to check
$string = "<p><strong>This is a Stechies !</strong></p>";

// Strip HTML tags from the string.
// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$string = filter_var($string, FILTER_SANITIZE_STRING);
echo $string;
?>
Output
This is a Stechies!
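3. Validate an Integer Number
<?php
// Variable to check
$intnum = 1000022;

// Compare against false explicitly: a valid 0 is returned as int 0,
// which a plain truthiness check would treat as a failure.
if (filter_var($intnum, FILTER_VALIDATE_INT) !== false) {
    echo("$intnum is a valid integer number");
} else {
    echo("$intnum is not a valid integer number");
}
?>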
4. Validate a Float Number
<?php
// Variable to check
$floatnum = 11.11;

// Compare against false explicitly so that a valid 0.0 is not rejected
if (filter_var($floatnum, FILTER_VALIDATE_FLOAT) !== false) {
    echo("$floatnum is a valid float number");
} else {
    echo("$floatnum is not a valid float number");
}
?>
5. Validate an IP Address
<?php
// Variable to check
$ipadd = '192.168.1.1';

// Returns the address on success, false on failure
if (filter_var($ipadd, FILTER_VALIDATE_IP) !== false) {
    echo("$ipadd is a valid IP address");
} else {
    echo("$ipadd is not a valid IP address");
}
?>
Output
192.168.1.1 is a valid IP address
6. Sanitize and Validate a URL
<?php
// Variable to check
$url = "https://www.stechies.com/";

// Remove all illegal characters from url
$url = filter_var($url, FILTER_SANITIZE_URL);

// Validate url (explicit comparison instead of the harder-to-read "!... == false")
if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
    echo("$url is a valid URL");
} else {
    echo("$url is not a valid URL");
}
?>
Output
https://www.stechies.com/ is a valid URL
Valid and Not Valid URL
URL | Valid/Invalid |
---|---|
https://www.stechies.com/ | Valid |
htssssstps://ww3333w.stsssssechies.csssom/ | Valid |
https::////www.stechies.com/ | Invalid |
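The table shows that FILTER_VALIDATE_URL checks only the syntax of a URL, so a URL with a misspelled or unexpected scheme still passes. The following is an added example, not code from the original article, that layers a scheme allowlist on top of the syntax check; the function name is_allowed_web_url(), the allowlist of http and https, and the ftp sample are assumptions made for this example.

```php
<?php
// Added example: FILTER_VALIDATE_URL only checks URL syntax, so code that
// expects web links should also restrict the scheme.
// is_allowed_web_url() and its default allowlist are hypothetical names.

function is_allowed_web_url($input, array $allowedSchemes = ['http', 'https'])
{
    if (!is_string($input)) {
        return false;
    }

    // Step 1: syntax check. Returns the URL string or false.
    $url = filter_var($input, FILTER_VALIDATE_URL);
    if ($url === false) {
        return false;
    }

    // Step 2: scheme allowlist. Schemes are case-insensitive.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), $allowedSchemes, true)) {
        return false;
    }

    // Step 3: a web URL must name a host.
    $host = parse_url($url, PHP_URL_HOST);
    return is_string($host) && $host !== '';
}

// The three URLs from the table above, plus one constructed sample (ftp).
$samples = [
    'https://www.stechies.com/',
    'htssssstps://ww3333w.stsssssechies.csssom/',
    'https::////www.stechies.com/',
    'ftp://www.stechies.com/',
];

foreach ($samples as $sample) {
    $syntaxOk = filter_var($sample, FILTER_VALIDATE_URL) !== false;
    printf(
        "%-45s FILTER_VALIDATE_URL: %-3s allowlisted: %s\n",
        $sample,
        $syntaxOk ? 'yes' : 'no',
        is_allowed_web_url($sample) ? 'yes' : 'no'
    );
}
?>
```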