Last Updated: February 25, 2016
·
10.15K
· xero

clean user inputs with php var filters

#php
#security
#sanitize
#user input

returns a list of all supported filters
http://php.net/manual/en/function.filter-list.php

filters a variable with a specified filter
http://php.net/manual/en/function.filter-var.php

gets multiple variables and optionally filters them
http://php.net/manual/en/function.filter-var-array.php

gets a specific external variable by name and optionally filters it
http://php.net/manual/en/function.filter-input.php

gets external variables and optionally filters them
http://php.net/manual/en/function.filter-input-array.php

i dont know why it took me so long to find these commands, but i love php's native filter functions! the idea is you take any input (i use it almost exclusively with user input [e.g. post, get, request]) and filter it!

there are validation and sanitation filters.
http://php.net/manual/en/filter.filters.validate.php
http://php.net/manual/en/filter.filters.sanitize.php
http://php.net/manual/en/filter.filters.flags.php

here are some of my favorites:

FILTER CALLBACK
call a user-defined function to filter data

FILTER SANITIZE STRING
strip tags, optionally strip or encode special characters

FILTER SANITIZE ENCODED
URL-encode string, optionally strip or encode special characters

FILTER SANITIZE SPECIAL CHARS
HTML-escape '"<>& and characters with ASCII value less than 32

FILTER SANITIZE EMAIL
remove all characters, except letters, digits and !#$%&'*+-/=?^ `{|}~@.[]

FILTER SANITIZE URL
remove all characters, except letters, digits and $- .+!*'(),{}|\^~[]`<>#%";/?:@&=

FILTER SANITIZE NUMBER INT
remove all characters, except digits and +-

FILTER SANITIZE NUMBER FLOAT
remove all characters, except digits, +- and optionally .,eE

FILTER VALIDATE INT
validate value as integer, optionally from the specified range

FILTER VALIDATE BOOLEAN
returns TRUE for "1", "true", "on" and "yes", FALSE for "0", "false", "off", "no", and "", NULL otherwise

FILTER VALIDATE FLOAT
validate value as float

FILTER VALIDATE REGEXP
validate value against regexp, a Perl-compatible regular expression

FILTER VALIDATE URL
validate value as URL, optionally with required components

FILTER VALIDATE EMAIL
validate value as e-mail

FILTER VALIDATE IP
validate value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges

examples:

<?
//---check if valid email
if(!filter_var("someone@example....com", FILTER_VALIDATE_EMAIL)){
    die('invalid email');
}

//---sanitize posted name
$name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);

//---check if posted id is a number
$dirty = $_POST['id'];
$id = (filter_var($dirty, FILTER_VALIDATE_INT)) ?
      filter_var($dirty, FILTER_SANITIZE_NUMBER_INT) :
      0;
?>
#php
#security
#sanitize
#user input

Written by xero harrison

Say Thanks
Respond

Related protips

HTML5 Mobile Device Camera Access

341.4K
19

Pretty print array php

272.2K
0

Laravel's .htaccess to remove "public" from URL

242K
10

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Php Authors
projectcleverweb
463.4K
#php
#javascript
#css
brandonbeeks
339.6K
#php
#javascript
#css
jvinceso
267.7K
#php
#ASP
#JavaScript
hnordt
241.3K
#php
#laravel
#CoffeeScript
rmcdaniel
237.6K
#php
#JavaScript
#Open Source
Related Tags
#php
#security
#sanitize
#user input
Sponsored by
#native_company#
#native_desc#
#native_cta#
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#