The PHP filter extension validates or sanitizes external input data.
This is particularly useful when the data comes from an untrusted or unknown source, such as user input: for example, data from HTML forms, cookies, SQL query results, etc.
There are two main types of PHP filtering.
Validation: It checks whether the data meets certain criteria. For example, passing in FILTER_VALIDATE_URL determines whether the data is a valid URL, but it does not alter the data.
Sanitization: It deletes or replaces unwanted characters in the data. For example, passing in FILTER_SANITIZE_EMAIL removes characters that are inappropriate for email addresses. Unlike validation, it changes the data rather than only checking it.
PHP Filter Functions
The PHP filter functions are used to filter external input data.
PHP provides the following filter functions:
- PHP filter_var() function: This function is used to validate and sanitize the input data.
- PHP filter_has_var() function: This function is used to check whether a variable of a specified input type exists.
- PHP filter_list() function: This function is used to return a list of all supported filter names.
- PHP filter_input() function: This function is used to get a specific external variable by name and filter it.
- PHP filter_id() function: This function is used to get the filter ID of a specified filter name.
- PHP filter_var_array() function: This function is used to get multiple values stored in variables and optionally filter them.
- PHP filter_input_array() function: This function is used to get external variables and filter them when specified.
PHP Predefined Filter Constants
PHP has many predefined filter constants, shown below:
Validate filter constants: Some predefined filter constants are used for validation.
- FILTER_VALIDATE_BOOLEAN: It validates a boolean.
- FILTER_VALIDATE_INT: It validates an integer.
- FILTER_VALIDATE_FLOAT: It validates a float.
- FILTER_VALIDATE_EMAIL: It validates an e-mail address.
- FILTER_VALIDATE_URL: It validates a URL.
- FILTER_VALIDATE_REGEXP: It validates a value against a regular expression.
- FILTER_VALIDATE_IP: It validates an IP address.
Sanitize filter constants: Some predefined filter constants are used for sanitization.
- FILTER_SANITIZE_EMAIL: It removes all inappropriate characters from an e-mail address.
- FILTER_SANITIZE_URL: It removes all inappropriate characters from the URL.
- FILTER_SANITIZE_NUMBER_INT: It removes all characters except digits, + and -.
- FILTER_SANITIZE_NUMBER_FLOAT: It removes all characters except digits, + and -, and optionally the dot (.).
- FILTER_SANITIZE_STRING: It removes tags/special characters from a string.
- FILTER_SANITIZE_SPECIAL_CHARS: It removes special characters.
- FILTER_SANITIZE_FULL_SPECIAL_CHARS: Encoding of quotes can be disabled by using FILTER_FLAG_NO_ENCODE_QUOTES.
- FILTER_SANITIZE_ENCODED: It encodes special characters.
- FILTER_SANITIZE_MAGIC_QUOTES: It applies the addslashes() function.
- FILTER_SANITIZE_STRIPPED: It is an alias of FILTER_SANITIZE_STRING.
Other filter constants
- FILTER_UNSAFE_RAW: It optionally strips/encodes special characters.
- FILTER_CALLBACK: Call a user-defined function to filter the data.
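The difference between validation and sanitization, using the functions and constants listed above. This is an added example, not code from the original page; the sample input is constructed, and check_profile() and the http/https scheme allowlist are assumptions made for illustration.

```php
<?php
// Constructed sample input standing in for $_POST. With a real request,
// filter_input_array(INPUT_POST, $rules) accepts the same rule array.
$input = [
    'email'      => 'alice<>@example.com',        // stray characters in the local part
    'age'        => '0',                          // valid, but falsy in PHP
    'site'       => 'ftp://example.com/profile',  // well-formed URL, unexpected scheme
    'newsletter' => 'maybe',                      // not a recognised boolean
];

$rules = [
    'email'      => FILTER_VALIDATE_EMAIL,
    'age'        => ['filter'  => FILTER_VALIDATE_INT,
                     'options' => ['min_range' => 0, 'max_range' => 130]],
    'site'       => FILTER_VALIDATE_URL,
    'newsletter' => ['filter' => FILTER_VALIDATE_BOOLEAN,
                     'flags'  => FILTER_NULL_ON_FAILURE],
];

// Hypothetical helper: returns [accepted values, names of rejected fields].
function check_profile(array $input, array $rules): array
{
    // A failed validation yields false (null with FILTER_NULL_ON_FAILURE);
    // a key missing from $input is added as null.
    $clean = filter_var_array($input, $rules);
    $rejected = [];
    foreach ($clean as $name => $value) {
        // Strict comparison: age 0 and newsletter false are valid results.
        $failed = ($name === 'newsletter') ? $value === null
                                           : ($value === false || $value === null);
        if ($failed) {
            $rejected[] = $name;
        }
    }
    // FILTER_VALIDATE_URL checks syntax only, so restrict the scheme separately.
    if (!in_array('site', $rejected, true)) {
        $scheme = strtolower((string) parse_url($clean['site'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $rejected[] = 'site';
        }
    }
    return [array_diff_key($clean, array_flip($rejected)), $rejected];
}

[$accepted, $rejected] = check_profile($input, $rules);
var_dump($accepted, $rejected);

// Sanitizing changes the value instead of rejecting it: the result can pass
// validation even though it is no longer what the user submitted.
$sanitized = filter_var($input['email'], FILTER_SANITIZE_EMAIL);
var_dump($sanitized, filter_var($sanitized, FILTER_VALIDATE_EMAIL));
```

Validating first and rejecting on failure keeps the stored value identical to what was submitted; sanitizing before validating silently accepts a modified value.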