PHP Filter
PHP filters validate and sanitize data that comes from untrusted sources, such as user input.
The filter functions of PHP (filter_var(), filter_input() and related functions) make validation, testing and filtering easier, and these tasks are an essential part of web application development.
All external data must be filtered, whether it comes from the user or from any other source such as a web service, cookies, or database query results.
Example:
<?php
$var = 12;
// filter_var() returns the validated value on success and false on failure.
// Compare with === false: a valid 0 would also fail a plain "!" check.
if (filter_var($var, FILTER_VALIDATE_INT) === false)
{
echo "Not an integer";
}
else
{
echo "An integer";
}
?>
Output:
An integer
Validating and Sanitizing
Validation checks whether an input matches a strict format rule, such as the rules for a URL or an e-mail address; it returns false when the input fails the check.
Sanitization, on the other hand, removes or changes characters that are not permitted in a string and returns the resulting string.
Example of validation:
Validation.html
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form name="temp" action="Validation.php" method="get">
Enter an Email address :<input type="text" name="mail"/><BR/>
<input type="submit" value="submit"/>
<input type="reset" value="Reset"/>
</form>
</body>
</html>
Validation.php
<?php
// filter_input() reads the request variable itself, so $_GET is not read
// directly (a direct read would also warn when "mail" is missing).
if (!filter_has_var(INPUT_GET, "mail"))
{
echo "Input type does not exist";
}
else
{
// FILTER_VALIDATE_EMAIL returns the address on success and false on failure.
if (filter_input(INPUT_GET, "mail", FILTER_VALIDATE_EMAIL) === false)
{
echo "Email address is not valid";
}
else
{
echo "Email address is valid";
}
}
?>
Output:
Email address is not valid
If the mail address entered is [email protected], the output is as follows:
Email address is valid
Sanitization:
PHP also offers another kind of filtering, called sanitization. It is useful for cleaning any input: if a user enters characters that are not allowed in the expected format, the filter removes them.
Suppose a user types www.$B¿¬µ.com as the URL; the output is then www.B$.com. FILTER_SANITIZE_URL keeps only letters, digits and the punctuation characters that are legal in a URL and strips everything else.
Example:
Sanitisation.php
<?php
if (!filter_has_var(INPUT_GET, "url"))
{
echo "Input type does not exist";
}
else
{
$url = filter_input(INPUT_GET, "url", FILTER_SANITIZE_URL);
// FILTER_SANITIZE_URL only strips characters that are not valid in a URL;
// characters such as < > " survive, so escape the value before echoing it into HTML.
echo htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}
?>
Sanitisation.html
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form name="temp" action="Sanitisation.php" method="get">
Enter a URL here :<input type="text" name="url"/><BR/>
<input type="submit" value="submit"/>
<input type="reset" value="Reset"/>
</form>
</body>
</html>
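As an added example (not the page's own code), the script below runs the page's two kinds of filter, validation and sanitization, on constructed inputs from the command line, including the `0` edge case and the HTML escaping that a sanitized URL still needs before it is echoed; `validate_int()` and `$portRule` are names chosen here.

```php
<?php
// Added example, not code from the original page: validation and sanitization
// side by side on constructed inputs. Run with `php filters.php`; no form needed.
// validate_int() and $portRule are names chosen for this example.

// Validation returns the validated value, or false on failure. A valid "0" is
// falsy, so `!filter_var(...)` would wrongly reject it: compare with === false.
function validate_int(string $in): string
{
    $n = filter_var($in, FILTER_VALIDATE_INT);
    return $n === false ? 'invalid' : "valid ($n)";
}
foreach (['12', '0', '12abc', '0x1A'] as $in) {
    printf("int   %-22s => %s\n", $in, validate_int($in));
}

// Options narrow what is accepted, e.g. only TCP port numbers.
$portRule = ['options' => ['min_range' => 1, 'max_range' => 65535]];
foreach (['8080', '70000'] as $in) {
    $p = filter_var($in, FILTER_VALIDATE_INT, $portRule);
    printf("port  %-22s => %s\n", $in, $p === false ? 'invalid' : "valid ($p)");
}

// E-mail validation as in Validation.php, but without a form.
foreach (['user@example.com', 'user@@example.com', 'user example.com'] as $in) {
    $ok = filter_var($in, FILTER_VALIDATE_EMAIL) !== false;
    printf("email %-22s => %s\n", $in, $ok ? 'valid' : 'invalid');
}

// Sanitization: FILTER_SANITIZE_URL drops every character that is not legal
// in a URL and returns what is left. It does not check that the result is a
// usable URL, so validate the sanitized value afterwards.
$raw   = 'www.$B¿¬µ.com';                   // the page's own sample input
$clean = filter_var($raw, FILTER_SANITIZE_URL);
$url   = filter_var('http://' . $clean, FILTER_VALIDATE_URL);
printf("sanitized: %s\nvalidated: %s\n", $clean, $url === false ? 'invalid' : $url);

// Characters such as < > " are legal in a URL and survive sanitization, but
// they are meaningful in HTML, so the value must still be escaped on output.
$q = filter_var('http://example.com/?q=<b>x</b>', FILTER_SANITIZE_URL);
printf("raw : %s\nhtml: %s\n", $q, htmlspecialchars($q, ENT_QUOTES, 'UTF-8'));
```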