PHP Filter

Anonymous User7529 16-Sep-2011

PHP filters are used to validate and filter data coming from insecure sources, such as user input. Testing, validating and filtering user input or custom data is an important part of any web application. The PHP filter extension is designed to make data filtering easier and quicker: it has many of the functions needed for checking many types of user input, which provides a standard method of filtering data. You should always filter all external data.

External data may be input data from a form, cookie data, server variables, web service data, database query results, etc.

There are three types of filters in PHP:

  1. Validate filters
  2. Sanitize filters
  3. Other filters

Validate Filters:

Validate filters are used to validate user input values such as integers, Booleans, floats, IP addresses, email addresses and URLs. A validate filter follows a strict format rule, such as the format of an email address or a URL.

Let's look at an example of how to use a validate filter ID in PHP.

Example:
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
        <title></title>
    </head>
    <body>
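        <?php
            $val = 12.0;
            // filter_var() returns the filtered value on success and false on
            // failure, so compare strictly with false; otherwise a valid 0
            // would be reported as invalid.
            if (filter_var($val, FILTER_VALIDATE_INT) !== false)
            {
                print ("valid int ");
            }
            else
            {
                print ("Invalid int");
            }
        ?>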
    </body>
</html>

In the same manner we can use any of the validate filter IDs, such as FILTER_VALIDATE_INT, FILTER_VALIDATE_EMAIL, FILTER_VALIDATE_FLOAT, etc.

Sanitize Filter:

Sanitize filters are used to allow or disallow specified characters in a string. A sanitize filter has no format rule; it always returns a string value.

Let's look at an example of how to use a sanitize filter in PHP.

Example:

Here we have 'SanitizeFilterPage.php', which has a 'Submit' button to submit the form to the server.

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
        <title></title>
    </head>
    <body>
       <form id="frmBody" method="get" action="SanitizeFilter.php">
        <table>
            <tr>
                <td>TO:</td>
                <td><input type="text" id="txtEmailTo" name="emailTo" value=""></td>
            </tr>
            <tr>
                <td>From:</td>
                <td><input type="text" id="txtEmailFrom" name="emailFrom" value=""></td>
            </tr>
            <tr>
                <td>Subject:</td>
                <td><input type="text" id="txtSubject" name="emailSubject" value=""></td>
            </tr>
            <tr>
                <td>
                    Message Body:
                </td>
                <td>
                    <textarea id="txtaraeMsgBody" name="areaMsgBody"></textarea>
                </td>
            </tr>
            <tr>
                <td>
                </td>
                <td>
                    <input type="submit" id="btnsubmit" name="btnSubmitEmail" value="Submit">
                </td>
            </tr>
        </table>
       </form>
    </body>
</html>


When we click the 'Submit' button, the form is submitted to the server with the GET method; we can now filter the URL on the 'SanitizeFilter.php' page.

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
        <title></title>
    </head>
    <body>
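        <?php
            if (!filter_has_var(INPUT_GET, "emailTo"))
            {
                echo 'url does not exist';
            }
            else
            {
                $url = filter_input(INPUT_GET, "emailTo", FILTER_SANITIZE_URL);
                // FILTER_SANITIZE_URL keeps characters such as < > and ", so
                // escape the value before writing it into the HTML page.
                echo htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            }
        ?>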
    </body>
</html>

Here we are filtering the value submitted under the name 'emailTo' as a URL.

Other Filter:

'FILTER_CALLBACK' is used to filter data by calling a user-defined function. This filter gives us full control over the data filtering.

Let's look at an example of how to use FILTER_CALLBACK in PHP with a user-defined function.

Example:
    <?php
        // User-defined function to filter user input data
        function MyCallbackFunction($name)
        {
            return str_replace(" ", " _ ", $name);
        }

        $name = "My name is Arun singh !";

        echo filter_var($name, FILTER_CALLBACK, array("options"=>"MyCallbackFunction"));
    ?>
Output:

Here blank space (‘ ‘) is replaced by ‘ _ ‘
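
The three filter types applied together to the fields of the form above, as an added example that is not part of the original article. The helper names validateMailForm() and singleLineSubject() are hypothetical, and the sample arrays are constructed stand-ins for $_GET so the script runs from the command line.

```php
<?php
// Added example, not from the original article. Field names match the form
// above; validateMailForm() and singleLineSubject() are hypothetical helpers.

// FILTER_CALLBACK target: refuse CR/LF so the subject stays on a single line.
function singleLineSubject($value)
{
    return preg_match('/[\r\n]/', $value) ? false : trim($value);
}

function validateMailForm(array $input): array
{
    $rules = [
        'emailTo'      => FILTER_VALIDATE_EMAIL,   // validate: strict format
        'emailFrom'    => FILTER_VALIDATE_EMAIL,
        'emailSubject' => ['filter' => FILTER_CALLBACK, 'options' => 'singleLineSubject'],
        'areaMsgBody'  => FILTER_UNSAFE_RAW,       // kept as-is, escaped on output
    ];
    $clean = filter_var_array($input, $rules);     // missing keys come back as null

    $errors = [];
    foreach ($clean as $field => $value) {
        // Strict comparisons: a valid value such as "0" must not count as failure.
        if ($value === null || $value === false || $value === '') {
            $errors[] = $field;
        }
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_GET.
$samples = [
    ['emailTo' => 'alice@example.com', 'emailFrom' => 'bob@example.com',
     'emailSubject' => 'Hello', 'areaMsgBody' => '<b>Hi</b> Alice'],
    ['emailTo' => 'not-an-address', 'emailFrom' => 'bob@example.com',
     'emailSubject' => "Hello\r\nsecond line", 'areaMsgBody' => 'text'],
];

foreach ($samples as $sample) {
    [$clean, $errors] = validateMailForm($sample);
    if ($errors) {
        echo 'Rejected fields: ', implode(', ', $errors), PHP_EOL;
        continue;
    }
    // Filtering is not output encoding: escape when writing into HTML.
    echo 'To: ', htmlspecialchars($clean['emailTo'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
    echo 'Body: ', htmlspecialchars($clean['areaMsgBody'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

The first sample passes every rule and is printed with its markup escaped; the second is rejected for the address and the multi-line subject.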

Updated 04-Dec-2019