Easy way to filter and validate data in PHP

Before PHP 5.2.0, validating or filtering user data usually meant writing regular expressions and combining them with a few PHP functions. Some of those regexes are difficult to understand, so most coders searched Google for a correct regex to validate data and used PHP functions to filter it.

PHP 5.2.0 provides a new extension named filter that makes these filtering tasks much easier. You can install it on your Linux distro by typing this in a shell:

    pecl install filter

Before proceeding, first check which filters are available on your system:

    echo '<pre>';
    print_r(filter_list());
    echo '</pre>';

Output on my system:

    Array
    (
        [0] => int
        [1] => boolean
        [2] => float
        [3] => validate_regexp
        [4] => validate_url
        [5] => validate_email
        [6] => validate_ip
        [7] => string
        [8] => stripped
        [9] => encoded
        [10] => special_chars
        [11] => unsafe_raw
        [12] => email
        [13] => url
        [14] => number_int
        [15] => number_float
        [16] => magic_quotes
        [17] => callback
    )

filter_list() is a function that returns a list of all supported filters.

Validate Email address

Normally we validate an email address this way:

    // eregi() was removed in PHP 7.0.0; preg_match() with the /i modifier
    // is the case-insensitive equivalent.
    $email = "mahmud@thinkdiff.net";
    if (preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', $email)) {
        echo "Valid email address.";
    } else {
        echo "Invalid email address.";
    }

But with PHP’s filter functions you can verify that easily:

    $email = "mahmud@thinkdiff.net";
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo " $email is valid email address <br />";
    }

    $email = "mahmud@thinkdiffnet,net";
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
        echo " $email is not a valid email address <br />";
    }

Output:

    mahmud@thinkdiff.net is valid email address
    mahmud@thinkdiffnet,net is not a valid email address

So using filter_var() and its parameters you can easily validate an email address, URL, IP address and more.

Check this link to learn what types of data you can validate with the filter functions. FILTER_VALIDATE_EMAIL, FILTER_VALIDATE_INT, FILTER_VALIDATE_URL and FILTER_VALIDATE_IP are the most commonly used.

Data Sanitization

Data sanitization is very important. As a coder, never trust user input: a user may submit SQL injection code or JavaScript code, so always validate or sanitize data before use. To sanitize data you can use the same filter functions, but you pass a sanitize filter as the second parameter. Some commonly used sanitize filters are:

FILTER_SANITIZE_EMAIL
FILTER_SANITIZE_NUMBER_FLOAT
FILTER_SANITIZE_NUMBER_INT
FILTER_SANITIZE_SPECIAL_CHARS
FILTER_SANITIZE_STRING
FILTER_SANITIZE_URL
FILTER_SANITIZE_ENCODED

You’ll find the detailed list and descriptions here. For example, to get a valid string from user input:

    $userData = array(
        '<b>bold</b>',
        "<script>javascript alert('hi');</script>",
        'P*}i@893746%%%p*.i.*}}|.dw<?php echo "echo works!!";?>'
    );

    $myinputs = filter_var_array($userData, FILTER_SANITIZE_STRING);

    echo '<pre>';
    print_r($myinputs);
    echo '</pre>';

Output:

    Array
    (
        [0] => bold
        [1] => javascript alert('hi');
        [2] => P*}i@893746%%%p*.i.*}}|.dw
    )

filter_var_array() gets multiple variables and optionally filters them. It is very useful for retrieving many values without repeatedly calling filter_var().
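An added example (not code from the original post) showing filter_var_array() with a separate filter definition per field; the field names, sample values and age range are constructed. It also allow-lists the URL scheme, which FILTER_VALIDATE_URL does not restrict, and escapes the free-text field at output with htmlspecialchars() rather than FILTER_SANITIZE_STRING, which is deprecated as of PHP 8.1.

```php
<?php
// Constructed sample input standing in for $_POST (hypothetical form fields).
$input = array(
    'email'   => 'mahmud@thinkdiff.net',
    'age'     => '27abc',                       // not a clean integer
    'website' => 'ftp://example.com/file',      // valid URL, unwanted scheme
    'ip'      => '192.168.0.10',                // private range
    'comment' => "<script>alert('hi');</script>",
);

// One filter definition per field; validate filters return false on failure.
$spec = array(
    'email'   => FILTER_VALIDATE_EMAIL,
    'age'     => array(
        'filter'  => FILTER_VALIDATE_INT,
        'options' => array('min_range' => 13, 'max_range' => 120),
    ),
    'website' => FILTER_VALIDATE_URL,
    'ip'      => array(
        'filter' => FILTER_VALIDATE_IP,
        'flags'  => FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE,
    ),
    'comment' => FILTER_UNSAFE_RAW,             // keep raw, escape at output
);

$clean = filter_var_array($input, $spec);

// FILTER_VALIDATE_URL does not restrict the scheme, so allow-list it here.
if ($clean['website'] !== false) {
    $scheme = strtolower((string) parse_url($clean['website'], PHP_URL_SCHEME));
    if (!in_array($scheme, array('http', 'https'), true)) {
        $clean['website'] = false;
    }
}

// Compare with === false: a valid value such as int 0 is also "falsy".
foreach ($clean as $field => $value) {
    if ($value === false) {
        echo "$field: rejected\n";
    } else {
        // Encode for the HTML context at output time.
        echo "$field: " . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "\n";
    }
}
```

These filters only check the shape of the input. SQL injection is prevented by using prepared statements for queries, not by sanitize filters.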

About mahmud ahsan

Founder And Lead Programmer at iThinkdiff.net

7 Responses to Easy way to data filter and validate in php

  1. Mushfiq-E Mahabub September 30, 2010 at 8:03 pm #

    Great technique :)
    Thanks for sharing .

  2. carlo November 3, 2011 at 7:19 am #

    very nice. thanks for sharing. :)

    • bbcvbcv December 13, 2012 at 3:16 pm #

      yeah u r correct

  3. karim November 6, 2011 at 5:33 am #

    thanks mahmud ! , and happy Eid ^^

  4. gaurishpatil December 3, 2012 at 5:20 pm #

    thanks.. thank you very much for sharing .. :)

  5. hello January 15, 2013 at 1:13 pm #

    alert(/sssss/);

  6. mohan January 6, 2014 at 5:46 pm #

    it’s very useful .. and simple to learn… thanks.. do posting similar