by Arround The Web

How to Use filter_var() Function in PHP

PHP uses the filter_var() function to filter a variable using a given filter. The function is designed to check the given data against a specified filter to make sure that it is safe and valid for use on the web. The filter_var() function is part of the PHP filter extension that provides many filtering options to choose from, including email, URL, IP address, numbers, and much more.

The following syntax is used for the filter_var() function in PHP.

filter_var($data, $filter, $options)

Where:

$data represents the data to be filtered.

$filter specifies the filter to be applied.

$options (optional) allows you to provide additional parameters to the filter.

The filter_var() function returns a filtered version of the original data, rather than simply returning a Boolean value, and returns false when the filter fails. This makes it easy to use the function in a variety of contexts, such as checking user input and handling errors.

Supported Filters by filter_var() Function

The filter_var() function includes a wide range of filters that can be used to validate different types of data. These filters are all intended to help maintain the security and safety of user input, but each of them serves a different purpose.

Some of the most popular filters include:

  • FILTER_VALIDATE_EMAIL: Validates an email address.
  • FILTER_VALIDATE_URL: Validates a URL.
  • FILTER_SANITIZE_STRING: Removes HTML tags and escapes special characters (deprecated as of PHP 8.1).
  • FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits and the plus and minus signs.
  • FILTER_VALIDATE_IP: Validates an IP address.
  • FILTER_VALIDATE_INT: Validates an integer.
  • FILTER_VALIDATE_BOOLEAN: Validates a boolean value.
  • FILTER_SANITIZE_SPECIAL_CHARS: HTML-encodes the characters ' " < > & and characters with an ASCII value below 32.

Take a look at a code example:

<?php

// Placeholder connection settings
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

function test()
{
    echo "This is a test function.";
}

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error)
{
    die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT id, firstname, lastname FROM MyGuests";
$result = $conn->query($sql);

// query() returns false on failure, so check the result before reading it
if ($result && $result->num_rows > 0)
{
    // output data of each row, HTML-escaping values that come from the database
    while ($row = $result->fetch_assoc())
    {
        $name = htmlspecialchars($row["firstname"] . " " . $row["lastname"], ENT_QUOTES, "UTF-8");
        echo "id: " . (int) $row["id"] . " - Name: " . $name . "<br>";
    }
}
else
{
    echo "0 results";
}

$conn->close();

?>

The listing above only connects to a MySQL database and prints rows from the MyGuests table; it does not itself call filter_var(). A script that exercises the filters listed earlier works as follows. The FILTER_VALIDATE_EMAIL and FILTER_VALIDATE_URL filters first verify the legitimacy of an email address and a URL. The FILTER_SANITIZE_STRING filter is then used to sanitize user input by eliminating any HTML tags or other unusual characters. Then the FILTER_SANITIZE_NUMBER_INT filter cleans a mixed alphanumeric text by extracting just the numeric characters. The FILTER_VALIDATE_IP filter is then used to validate an IP address, and the FILTER_VALIDATE_BOOLEAN filter to check whether a Boolean value is valid.

It’s essential to recognize the distinction between validation and sanitization when utilizing the PHP filter_var() function. Validation is the process of checking whether a given input conforms to a specific standard or format, while sanitization is the process of removing any potentially harmful or unwanted characters from the input.

To validate and sanitize user input in PHP, use the filter_var() function. It can help prevent many common issues, such as SQL injection attacks, cross-site scripting attacks, and other security breaches, when it is combined with prepared statements for database queries and with escaping such as htmlspecialchars() at output. However, as with any tool, it is important to use the filter_var() function correctly and to choose the appropriate filters for the type of data being validated.
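The filter sequence and the validation/sanitization distinction described above, as an added example that is not part of the original article. The function name validate_form(), the field names, the 0 to 100 range and the sample input are assumptions made for illustration.

```php
<?php
// Added example: validate_form(), the field names, ranges and inputs are constructed.
function validate_form(array $in): array
{
    $rules = [
        'email' => [FILTER_VALIDATE_EMAIL, []],
        'site'  => [FILTER_VALIDATE_URL, []],
        'ip'    => [FILTER_VALIDATE_IP, []],
        'qty'   => [FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 100]]],
        // NULL_ON_FAILURE separates a valid "no" (false) from unparseable input (null).
        'optin' => [FILTER_VALIDATE_BOOLEAN, ['flags' => FILTER_NULL_ON_FAILURE]],
    ];
    $clean = [];
    $errors = [];
    foreach ($rules as $field => [$filter, $options]) {
        $value = filter_var($in[$field] ?? '', $filter, $options);
        // Compare strictly: a valid 0 or false must not be mistaken for a failure.
        $failed = ($filter === FILTER_VALIDATE_BOOLEAN) ? $value === null : $value === false;
        if ($failed) {
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    // FILTER_VALIDATE_URL checks syntax, not the scheme, so allow-list http(s).
    $scheme = strtolower((string) parse_url($clean['site'] ?? '', PHP_URL_SCHEME));
    if (isset($clean['site']) && !in_array($scheme, ['http', 'https'], true)) {
        unset($clean['site']);
        $errors[] = 'site';
    }
    return [$clean, $errors];
}

$input = [ // constructed sample input
    'email' => 'alice@example.com',
    'site'  => 'ftp://example.com/file',
    'ip'    => '192.0.2.300',
    'qty'   => '0',
    'optin' => 'maybe',
];
[$clean, $errors] = validate_form($input);
var_dump($clean, $errors);

// Sanitizing is not validating: '-' survives, so the result still fails as an int.
$digits = filter_var('Order #12-34', FILTER_SANITIZE_NUMBER_INT);
var_dump($digits, filter_var($digits, FILTER_VALIDATE_INT));
// Escape for the output context when writing a value into HTML.
echo htmlspecialchars($clean['email'] ?? '', ENT_QUOTES, 'UTF-8'), PHP_EOL;
```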

Conclusion

For web developers who wish to make their online applications safe and secure, the PHP filter_var() function is a crucial tool. It provides a wide range of filters that can be used to validate and sanitize data input, and it is easy to use and flexible. By using the filter_var() function, you can help prevent many typical security problems and make sure your web application is as safe as possible.


Source: linuxhint.com
