Built In Functions

Efficient Filtering and validation

We just finished looking at preg_match and regular expressions in general. You may have noticed that regular expressions are how we used to check whether an email address was valid. There's an easier way to do that now: the filter_var function. We won't go into all of the details, but let's explore the filter_var built-in function.

  • trim(), ltrim(), rtrim()
  • htmlspecialchars()
  • __call()
  • preg_match()
  • filter_var()
  • addslashes()
  • str_replace()
  • strlen()
  • strtolower()
  • strtoupper()
  • ucfirst()
  • strpos(), stripos(), strrpos(), strripos()
  • Array Functions like: array_chunk(), array_diff(), array_key_exists(), array_key_first(), array_key_last(), array_map(), array_merge(), array_push(), array_sum(), asort(), arsort(), count(), in_array(), ksort(), krsort(), sort(), rsort(), shuffle(), sizeof(), is_array(), explode(), implode()
  • Magic Methods like: __invoke(), __toString()

filter_var()

The filter_var return type is mixed because it returns false when it’s invalid, or the value when it’s valid. The first argument is the value that we’re either trying to sanitize or validate and the second argument is the filter name. There is a third options argument, but we won’t go into those details here.

<?php
var_dump( filter_var("dinoaexample.com", FILTER_VALIDATE_EMAIL) );

The above code returns false since the email dinoaexample.com is not a valid email.

<?php
var_dump( filter_var("dino@example.com", FILTER_VALIDATE_EMAIL) ); 

Since we have a valid email address, we get the email address returned to us: dino@example.com.

Filters

There are a ton of built-in filters.

To get a full list of them, visit https://www.php.net/manual/en/filter.filters.php.

Validation Filters

FILTER_VALIDATE_BOOLEAN returns true for 1, true, on and yes. Returns false otherwise. Synonymous with FILTER_VALIDATE_BOOL.

<?php
var_dump( filter_var(true, FILTER_VALIDATE_BOOLEAN) ); // true

FILTER_VALIDATE_EMAIL validates whether the value is a valid e-mail address.

<?php
var_dump( filter_var("dino@example.com", FILTER_VALIDATE_EMAIL) ); // dino@example.com

FILTER_VALIDATE_IP validates IP addresses, optionally only IPv4 or IPv6.

<?php
var_dump( filter_var("192.168.1.10", FILTER_VALIDATE_IP) ); // 192.168.1.10
var_dump( filter_var("78.123.186.65", FILTER_VALIDATE_IP) ); // 78.123.186.65
var_dump( filter_var("78.123.186", FILTER_VALIDATE_IP) ); // false
var_dump( filter_var("6AAA:1111:222:3333:4444:5555:678:778", FILTER_VALIDATE_IP) ); // 6AAA:1111:222:3333:4444:5555:678:778 (eight hex groups form a valid IPv6 address)

FILTER_VALIDATE_MAC validates the MAC address.

<?php
var_dump( filter_var("12:34:F4:90:4F:9B", FILTER_VALIDATE_MAC) ); // 12:34:F4:90:4F:9B

FILTER_VALIDATE_URL validates the URL.

<?php
var_dump( filter_var("https://dinocajic.com", FILTER_VALIDATE_URL) ); // https://dinocajic.com
var_dump( filter_var("https:/dinocajic.com", FILTER_VALIDATE_URL) ); // false

Sanitization Filters

The sanitization filters attempt to clean the value that was passed in, rather than just test it. Let's look at a few.

FILTER_SANITIZE_EMAIL removes all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].

<?php
var_dump( filter_var("dino@example.com", FILTER_SANITIZE_EMAIL) ); // dino@example.com
var_dump( filter_var("(dino@example.com)", FILTER_SANITIZE_EMAIL) ); // dino@example.com
var_dump( filter_var("dino#example.com", FILTER_SANITIZE_EMAIL) ); // dino#example.com

Sanitization only strips out characters that are not in the allowed set. So, in the last example, it returns the sanitized string even though it's not a valid email address. To validate the email address, you'll need to use FILTER_VALIDATE_EMAIL afterwards.

<?php
$sanitized = filter_var("dino#example.com", FILTER_SANITIZE_EMAIL);

if ( filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false) {
    echo "Valid email address";
}
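
The sanitize-then-validate pattern above accepts input that was not a valid address as submitted, because the sanitizer rewrites it first. The following added example (not from the original article; the function names are hypothetical and the sample inputs are constructed) compares it with validating the raw value, so you can see which inputs are rewritten before being accepted.

```php
<?php
// Added example, not from the original article.

// Pattern from the text above: sanitize first, then validate the result.
function acceptAfterSanitize(string $raw): ?string
{
    $clean = filter_var($raw, FILTER_SANITIZE_EMAIL);
    $valid = filter_var($clean, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Stricter alternative: validate exactly what was submitted and reject
// anything that does not already pass, so nothing is silently rewritten.
function acceptRawOnly(string $raw): ?string
{
    $valid = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Constructed sample inputs.
$samples = [
    'dino@example.com',
    '(dino@example.com)',
    'dino @example.com',
    'dino#example.com',
];

foreach ($samples as $raw) {
    $loose  = acceptAfterSanitize($raw);
    $strict = acceptRawOnly($raw);
    // Flag inputs that only passed because the sanitizer changed them.
    $note = ($loose !== null && $loose !== $raw) ? 'rewritten before acceptance' : '';
    printf(
        "%-22s sanitize+validate=%-20s raw-only=%-20s %s\n",
        var_export($raw, true),
        var_export($loose, true),
        var_export($strict, true),
        $note
    );
}
```

If the stored address must be exactly what the user typed (for example, when it is later used for account lookup or password reset), prefer the raw-only check and ask the user to correct rejected input.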

FILTER_SANITIZE_ADD_SLASHES applies the addslashes() function that we’ll cover in the next article. Nothing to it; it just adds backslashes to characters that need to be escaped.

<?php
var_dump( filter_var("Dino's Story", FILTER_SANITIZE_ADD_SLASHES) ); 

// Dino\'s Story

FILTER_SANITIZE_STRING does a little more work than the add slashes filter above. It strips tags and HTML-encodes double and single quotes.

<?php
var_dump( filter_var("Dino's <strong>Story</strong>", FILTER_SANITIZE_STRING) ); 

// Dino&#39;s Story

FILTER_SANITIZE_URL strips all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.

<?php
var_dump( filter_var("https://dinocajic.com", FILTER_SANITIZE_URL) ); 

// https://dinocajic.com

Flags

Let’s do one example of a flag: the third argument. Taking a look at FILTER_VALIDATE_BOOLEAN, we can pass the FILTER_NULL_ON_FAILURE flag as the third argument in filter_var. If FILTER_NULL_ON_FAILURE is set, false is returned only for 0, false, off, no, and empty string, and null is returned for all non-boolean values.

<?php
var_dump( filter_var(true, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // true
var_dump( filter_var(false, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // false
var_dump( filter_var(0, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // false
var_dump( filter_var("off", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // false
var_dump( filter_var("no", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // false
var_dump( filter_var("yes", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // true
var_dump( filter_var(35, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // null

We can pass the same to the FILTER_VALIDATE_EMAIL filter.

<?php
var_dump( filter_var("dino@example.com", FILTER_VALIDATE_EMAIL, FILTER_NULL_ON_FAILURE) ); // dino@example.com
var_dump( filter_var("dinoexample.com", FILTER_VALIDATE_EMAIL, FILTER_NULL_ON_FAILURE) ); // null
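
Flags can also narrow what a validation filter accepts. This added example (not part of the original article) combines FILTER_VALIDATE_IP flags with FILTER_NULL_ON_FAILURE to accept only public addresses, IPv4 only unless IPv6 is explicitly allowed; publicIpOrNull() is a hypothetical helper and the sample inputs are constructed.

```php
<?php
// Added example, not from the original article.

/**
 * Hypothetical helper: return $raw if it is a public (non-private,
 * non-reserved) address of an allowed family, or null otherwise.
 */
function publicIpOrNull(string $raw, bool $allowIpv6 = false): ?string
{
    // Flags are bit masks, so several can be combined with |.
    $flags = FILTER_FLAG_NO_PRIV_RANGE   // reject e.g. 10.0.0.0/8, 192.168.0.0/16
           | FILTER_FLAG_NO_RES_RANGE    // reject e.g. 127.0.0.0/8, 0.0.0.0/8
           | FILTER_NULL_ON_FAILURE;     // null instead of false when invalid

    // With neither family flag set, both IPv4 and IPv6 are accepted.
    if (!$allowIpv6) {
        $flags |= FILTER_FLAG_IPV4;
    }

    return filter_var($raw, FILTER_VALIDATE_IP, $flags);
}

// Constructed sample inputs, reusing the addresses from the article.
$samples = [
    '78.123.186.65',
    '192.168.1.10',
    '127.0.0.1',
    '78.123.186',
    '6AAA:1111:222:3333:4444:5555:678:778',
];

foreach ($samples as $raw) {
    printf(
        "%-40s v4-only=%-18s v4+v6=%s\n",
        $raw,
        var_export(publicIpOrNull($raw), true),
        var_export(publicIpOrNull($raw, true), true)
    );
}
```

Because the helper returns null on failure, callers can use a strict `=== null` check and never confuse a rejected address with a falsy value.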

And that’s it for the basics of filter_var. You can do some additional things with it, but this is where you will spend the majority of your time.

https://github.com/dinocajic/php-youtube-tutorials

 
