PHP Filters
PHP filters are used to validate and sanitize external input. Filtering input is one of the most common tasks in a web application.

Validating data: Determine whether the data is in the proper form.
Sanitizing data: Remove any illegal characters from the data.

To make this task easier, PHP provides a native filter extension that you can use to sanitize or validate data such as input, e-mail addresses, URLs, IP addresses, etc.
To validate data using the filter extension, use PHP's filter_var() function.
Syntax

filter_var(variable, filter, options)

This function takes three parameters out of which the last two are optional.

  • The first parameter is the value to be filtered
  • The second parameter is the ID of the filter to apply
  • The third parameter is the array of options related to filter.
Sanitize a String
The following example uses the filter_var() function to remove all HTML tags from a string :
<!DOCTYPE html>
<html>
<head>
    <title>Sanitize a String in PHP</title>
</head>
<body>

<?php
// Sample comment
$filter_mesg = "<h1>Hi, Welcome to Free Time Learning..!</h1>";
 
// Sanitize and print comment string.
// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$sanitized_comment = filter_var($filter_mesg, FILTER_SANITIZE_STRING);
echo $sanitized_comment;
?>

</body>
</html>
Validate an Integer
The following example will validate whether the value is a valid integer or not.
<!DOCTYPE html>
<html>
<head>
    <title>Validate an Integer</title>
</head>
<body>

<?php
	// Integer value
	 $int = 27;
	 
	// Validate sample integer value
	if(filter_var($int, FILTER_VALIDATE_INT)){
		echo "The <b>$int</b> is a valid integer";
	} else {
		echo "The <b>$int</b> is not a valid integer";
	}
?> 

</body>
</html>
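In the above example, if the variable $int is set to 0, the code will report that 0 is not a valid integer. This happens because filter_var() returns the validated value on success, and the value 0 is treated as false by the if statement. To fix this problem, you need to explicitly test for the value 0, as in the following example: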
<!DOCTYPE html>
<html>
<head>
    <title>Validate an Integer</title>
</head>
<body>

<?php
// integer value
$int = 0;
 
// Sample validate integer value
if(filter_var($int, FILTER_VALIDATE_INT) === 0 || filter_var($int, FILTER_VALIDATE_INT)){
    echo "The <b>$int</b> is a valid integer";
} else {
    echo "The <b>$int</b> is not a valid integer";
}
?>

</body>
</html>
Validate an IP Address
The following example uses the filter_var() function to check if the variable $ip is a valid IP address:
<!DOCTYPE html>
<html>
<head>
    <title>Validate an IP Address</title>
</head>
<body>

<?php
$ip = "192.160.1.80";

if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
    echo("$ip is a valid IP address");
} else {
    echo("$ip is not a valid IP address");
}
?>

</body>
</html>
PHP can restrict IP address validation to IPv4 or IPv6 addresses by using the FILTER_FLAG_IPV4 or FILTER_FLAG_IPV6 flags, respectively. Here's an example:
<!DOCTYPE html>
<html>
<head>
    <title>Validate an IP Address</title>
</head>
<body>

<?php
$ip = "192.160.1.80";

if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)){
    echo "<b>$ip</b> is a valid IPV6 address";
} else {
    echo "<b>$ip</b> is not a valid IPV6 address";
}
?>

</body>
</html>
Sanitize and Validate Email Addresses
The following example uses the filter_var() function to first remove all illegal characters from the $email variable, then check if it is a valid email address :
<!DOCTYPE html>
<html>
<head>
    <title>Sanitize and Validate an Email Address</title>
</head>
<body>

<?php
	$email = "info@freetimelearning.com";
	
	$email = filter_var($email, FILTER_SANITIZE_EMAIL);
	
	if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
		echo("<b>$email</b> is a valid email address");
	} else {
		echo("<b>$email</b> is not a valid email address");
	}
?>

</body>
</html>
Sanitize and Validate URLs
The following example uses the filter_var() function to first remove all illegal characters from a URL, then check if $url is a valid URL :
<!DOCTYPE html>
<html>
<head>
    <title>Sanitize and Validate URLs</title>
</head>
<body>

<?php
	$url = "http://www.freetimelearning.com";

	$url = filter_var($url, FILTER_SANITIZE_URL);
	 
	if(filter_var($url, FILTER_VALIDATE_URL)){
		echo "<b>$url</b> is a valid website url";
	} else{
		echo "<b>$url</b> is not a valid website url";
	}
?>

</body>
</html>
You can also check whether a URL contains a query string by using the flag FILTER_FLAG_QUERY_REQUIRED, as shown in the following example:
<!DOCTYPE html>
<html>
<head>
    <title>Sanitize and Validate URLs</title>
</head>
<body>

<?php
	$url = "http://www.example.com?php=filters";
	 
	if(filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED)){
		echo "<b>$url</b> contains query string";
	} else{
		echo "<b>$url</b> does not contain query string";
	}
?>
</body>
</html>
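The following added example (not code from the original page) compares the sanitize-then-validate pattern used above with validating the submitted value as-is and restricting the scheme. FILTER_VALIDATE_URL checks syntax only and does not limit which scheme is used. The helper name validate_http_url() and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the original page.
// validate_http_url() is a hypothetical helper name.

function validate_http_url(string $raw): ?string
{
    // Validate the value exactly as submitted. Sanitizing first removes
    // characters, so a string that was never a URL can pass afterwards.
    $url = filter_var($raw, FILTER_VALIDATE_URL);
    if ($url === false) {
        return null;
    }

    // FILTER_VALIDATE_URL checks syntax only and accepts any scheme,
    // so restrict the scheme to what the application expects.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Constructed sample inputs.
$samples = [
    'http://www.example.com?php=filters',
    'https://www.example.com/path',
    'ftp://www.example.com/file.txt',
    'mailto:info@example.com',
    'www.example.com',
    'http://www.exam ple.com',
];

foreach ($samples as $raw) {
    // The pattern shown above: sanitize, then validate the sanitized copy.
    $sanitized = filter_var($raw, FILTER_SANITIZE_URL);
    $pagePattern = filter_var($sanitized, FILTER_VALIDATE_URL) !== false;

    // Stricter pattern: validate as-is and allow-list the scheme.
    $strict = validate_http_url($raw) !== null;

    printf(
        "%-40s sanitize+validate: %-6s strict: %s\n",
        var_export($raw, true),
        $pagePattern ? 'accept' : 'reject',
        $strict ? 'accept' : 'reject'
    );
}
```

When the validated URL is later written into a page, it still needs output encoding such as htmlspecialchars(); validation does not replace it.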
Validate an Integer Within a Range
The following example uses the filter_var() function to check if a variable is both of type INT, and between 1 and 140 :
<!DOCTYPE html>
<html>
<head>
    <title>Validate an Integer Within a Range</title>
</head>
<body>

<?php
	$int = 80;
	$min = 1;
	$max = 140;
	
	if (filter_var($int, FILTER_VALIDATE_INT, array("options" => array("min_range"=>$min, "max_range"=>$max))) === false) {
		echo("Variable value is not within the range of 1 to 140");
	} else {
		echo("Variable value is within the range of 1 to 140");
	}
?>

</body>
</html>
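The following added example (not code from the original page) combines the range check above with the zero-value problem described in the "Validate an Integer" section. It uses FILTER_NULL_ON_FAILURE so that a failed check returns null and a validated 0 can be told apart with a strict comparison. The helper name validate_int() and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the original page.
// validate_int() is a hypothetical helper name.

function validate_int($raw, int $min, int $max): ?int
{
    // FILTER_NULL_ON_FAILURE makes a failed check return null instead of
    // false, so a validated 0 is never confused with a rejected value.
    return filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
        'flags'   => FILTER_NULL_ON_FAILURE,
    ]);
}

// Constructed sample inputs, as strings, the way form and query
// parameters arrive in $_GET and $_POST.
$samples = ['0', '80', '140', '141', '-1', ' 42 ', '007', '1e3', '12abc', ''];

foreach ($samples as $raw) {
    $value = validate_int($raw, 0, 140);

    // Strict comparison against null: never rely on truthiness here,
    // because the valid result 0 is falsy.
    if ($value === null) {
        printf("%-8s rejected\n", var_export($raw, true));
    } else {
        printf("%-8s accepted as int(%d)\n", var_export($raw, true), $value);
    }
}
```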