Efficient Filtering and validation
We just finished looking at preg_match and regular expressions in general. One thing that you might have quickly realized was that it’s how we used to validate whether an email was valid or not. There’s an easier way to do that now and it’s with the filter_var function. We won’t go into all of the details, but let’s explore the filter_var built-in function.
filter_var()
The filter_var return type is mixed because it returns false when the value is invalid, or the value itself when it’s valid. The first argument is the value that we’re trying to sanitize or validate, and the second argument is the filter name. There is a third options argument, but we won’t go into those details here.
<?php
var_dump( filter_var("dinoaexample.com", FILTER_VALIDATE_EMAIL) );
The above code returns false since the email dinoaexample.com is not a valid email.
<?php
var_dump( filter_var("dino@example.com", FILTER_VALIDATE_EMAIL) );
Since we have a valid email address, we get the email address returned to us: dino@example.com.
Filters
There are a ton of built-in filters. To get a full list of them, visit https://www.php.net/manual/en/filter.filters.php.
Validation Filters
FILTER_VALIDATE_BOOLEAN returns true for 1, true, on and yes. Returns false otherwise. Synonymous with FILTER_VALIDATE_BOOL.
<?php
var_dump( filter_var(true, FILTER_VALIDATE_BOOLEAN) ); // true
FILTER_VALIDATE_EMAIL validates whether the value is a valid e-mail address.
<?php
var_dump( filter_var("dino@example.com", FILTER_VALIDATE_EMAIL) ); // dino@example.com
FILTER_VALIDATE_IP validates IP addresses, optionally only IPv4 or IPv6.
<?php
var_dump( filter_var("192.168.1.10", FILTER_VALIDATE_IP) ); // 192.168.1.10
var_dump( filter_var("78.123.186.65", FILTER_VALIDATE_IP) ); // 78.123.186.65
var_dump( filter_var("78.123.186", FILTER_VALIDATE_IP) ); // false
var_dump( filter_var("6AAA:1111:222:3333:4444:5555:678:778", FILTER_VALIDATE_IP) ); // 6AAA:1111:222:3333:4444:5555:678:778 (eight hex groups, a valid IPv6 address)
FILTER_VALIDATE_MAC validates the MAC address.
<?php
var_dump( filter_var("12:34:F4:90:4F:9B", FILTER_VALIDATE_MAC) ); // 12:34:F4:90:4F:9B
FILTER_VALIDATE_URL validates the URL.
<?php
var_dump( filter_var("https://dinocajic.com", FILTER_VALIDATE_URL) ); // https://dinocajic.com
var_dump( filter_var("https:/dinocajic.com", FILTER_VALIDATE_URL) ); // false
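FILTER_VALIDATE_URL only checks that the value is well-formed and FILTER_VALIDATE_IP accepts private addresses such as 192.168.1.10, so code that accepts a user-supplied URL usually layers further checks on top. The following is an added example, not code from the original article; check_public_url is a hypothetical helper name, and the allowed schemes are an assumption.

```php
<?php
declare(strict_types=1);

/**
 * Returns the URL when it is well-formed, uses http or https, and does not
 * name a private or reserved IP literal as its host; otherwise null.
 * check_public_url is a hypothetical helper, not part of PHP.
 */
function check_public_url(string $raw): ?string
{
    $url = filter_var($raw, FILTER_VALIDATE_URL);
    if ($url === false) {
        return null; // not a well-formed URL
    }

    // FILTER_VALIDATE_URL does not restrict the scheme, so allow-list it.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }

    // parse_url() keeps the brackets around an IPv6 literal; strip them.
    $host = trim((string) parse_url($url, PHP_URL_HOST), '[]');

    // Only IP literals are checked here; host names are not resolved.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($host, FILTER_VALIDATE_IP, $flags) === false) {
            return null; // e.g. 192.168.x.x, 10.x.x.x, 127.x.x.x
        }
    }

    return $url;
}

// Constructed sample inputs, reusing the addresses from the examples above.
$samples = [
    'https://dinocajic.com',
    'https:/dinocajic.com',
    'ftp://example.com/file.txt',
    'http://192.168.1.10/',
    'http://78.123.186.65/',
];
foreach ($samples as $sample) {
    printf("%-28s => %s\n", $sample, var_export(check_public_url($sample), true));
}
```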
Sanitization Filters
The sanitization filters will actually attempt to sanitize the input value. Let’s look at a few.
FILTER_SANITIZE_EMAIL removes all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].
<?php
var_dump( filter_var("dino@example.com", FILTER_SANITIZE_EMAIL) ); // dino@example.com
var_dump( filter_var("(dino@example.com)", FILTER_SANITIZE_EMAIL) ); // dino@example.com
var_dump( filter_var("dino#example.com", FILTER_SANITIZE_EMAIL) ); // dino#example.com
The sanitization only strips out characters that are not in the allowed list. So, in the last example, it returns the sanitized string, even though it’s not a valid email address. To validate the email address, you’ll need to use the FILTER_VALIDATE_EMAIL filter afterwards.
<?php
$sanitized = filter_var("dino#example.com", FILTER_SANITIZE_EMAIL);
if ( filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false ) {
    echo "Valid email address";
}
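Sanitizing first means the address that passes validation may no longer be the one the user typed: "(dino@example.com)" above becomes a valid address once the parentheses are stripped. The following added example (not from the original article; accept_email and sanitize_then_validate are hypothetical helper names) compares that order with validating the submitted value itself and rejecting anything the sanitizer would alter.

```php
<?php
declare(strict_types=1);

/**
 * Accepts an address only if the input, as submitted, is already valid.
 * Returns the address, or null when it is invalid or when sanitizing
 * would change it. accept_email is a hypothetical helper name.
 */
function accept_email(string $raw): ?string
{
    $candidate = trim($raw);

    // Validate what the user actually sent, not a cleaned-up version of it.
    $valid = filter_var($candidate, FILTER_VALIDATE_EMAIL);
    if ($valid === false) {
        return null;
    }

    // Reject anything the sanitizer would alter, so the stored value holds
    // only the characters FILTER_SANITIZE_EMAIL allows.
    if (filter_var($candidate, FILTER_SANITIZE_EMAIL) !== $candidate) {
        return null;
    }
    return $valid;
}

/** The sanitize-then-validate order from the text, for comparison. */
function sanitize_then_validate(string $raw): ?string
{
    $sanitized = filter_var($raw, FILTER_SANITIZE_EMAIL);
    $valid = filter_var($sanitized, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Constructed sample inputs.
$samples = ['dino@example.com', '(dino@example.com)', 'dino@exa mple.com', 'dino#example.com'];
foreach ($samples as $sample) {
    printf(
        "%-22s validate-as-sent=%-20s sanitize-first=%s\n",
        $sample,
        var_export(accept_email($sample), true),
        var_export(sanitize_then_validate($sample), true)
    );
}
```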
FILTER_SANITIZE_ADD_SLASHES applies the addslashes() function that we’ll cover in the next article. Nothing to it; it just adds backslashes to characters that need to be escaped.
<?php
var_dump( filter_var("Dino's Story", FILTER_SANITIZE_ADD_SLASHES) );
// Dino\'s Story
FILTER_SANITIZE_STRING does a little more work than the add slashes filter above. It strips tags and HTML-encodes double and single quotes. Note that this filter is deprecated as of PHP 8.1.
<?php
var_dump( filter_var("Dino's <strong>Story</strong>", FILTER_SANITIZE_STRING) );
// Dino&#39;s Story (a browser renders this as: Dino's Story)
FILTER_SANITIZE_URL strips all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.
<?php
var_dump( filter_var("https://dinocajic.com", FILTER_SANITIZE_URL) );
// https://dinocajic.com
Flags
Let’s do one example of a flag, which is passed as the third argument. Taking a look at FILTER_VALIDATE_BOOLEAN, we can pass the FILTER_NULL_ON_FAILURE flag as the third argument in filter_var. If FILTER_NULL_ON_FAILURE is set, false is returned only for 0, false, off, no, and empty string, and null is returned for all non-boolean values.
<?php
var_dump( filter_var(true, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // true
var_dump( filter_var(false, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // false
var_dump( filter_var(0, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // false
var_dump( filter_var("off", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // false
var_dump( filter_var("no", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // false
var_dump( filter_var("yes", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // true
var_dump( filter_var(35, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ); // null
We can pass the same to the FILTER_VALIDATE_EMAIL filter.
<?php
var_dump( filter_var("dino@example.com", FILTER_VALIDATE_EMAIL, FILTER_NULL_ON_FAILURE) ); // dino@example.com
var_dump( filter_var("dinoexample.com", FILTER_VALIDATE_EMAIL, FILTER_NULL_ON_FAILURE) ); // null
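Because filter_var signals failure through its return value, callers need strict comparisons, and for booleans FILTER_NULL_ON_FAILURE is what separates "the user said no" from "the input was not a boolean at all". The following is an added example, not code from the original article; parse_flag, read_flags and the field names are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Tri-state parse: true or false for recognised boolean spellings,
 * null for anything else. parse_flag is a hypothetical helper.
 */
function parse_flag(mixed $raw): ?bool
{
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}

/**
 * Reads the named flags from $input. Returns [flags, errors] so the caller
 * can reject the request instead of silently treating bad input as false.
 */
function read_flags(array $input, array $names): array
{
    $flags = [];
    $errors = [];
    foreach ($names as $name) {
        if (!array_key_exists($name, $input)) {
            $errors[$name] = 'missing';
            continue;
        }
        $value = parse_flag($input[$name]);
        if ($value === null) { // strict check: false is a valid answer
            $errors[$name] = 'not a boolean';
            continue;
        }
        $flags[$name] = $value;
    }
    return [$flags, $errors];
}

// Constructed sample input, standing in for a submitted form.
$input = ['remember_me' => 'off', 'newsletter' => 'maybe', 'terms' => 'yes'];

[$flags, $errors] = read_flags($input, ['remember_me', 'newsletter', 'terms', 'age_check']);
var_dump($flags, $errors);

// Without the flag, 'maybe' and 'off' both come back as false.
var_dump(filter_var('maybe', FILTER_VALIDATE_BOOLEAN) === filter_var('off', FILTER_VALIDATE_BOOLEAN));
```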
And that’s it for the basics of filter_var. You can do some additional things with it, but this is where you will spend the majority of your time.
https://github.com/dinocajic/php-youtube-tutorials