Skip to content
Related Articles
Get the best out of our app
Open App

Related Articles

PHP | Filter and Filter Constant

Improve Article
Save Article
Like Article
Improve Article
Save Article
Like Article

PHP Filter is an extension that filters the data by either sanitizing or validating it. It plays a crucial role in security of a website, especially useful when the data originates from unknown or foreign sources, like user supplied input. For example data from a HTML form.

There are mainly two types of filters which are listed below:

  • Validation: is used to validate or check if the data meets certain qualifications or not. For example, passing in FILTER_VALIDATE_URL will determine if the data is a valid url, but it will not change the existing data by itself.
  • Sanitization: unlike validation, sanitization will sanitize data so as to ensure that no undesired characters by removing or altering the data. For example passing in FILTER_SANITIZE_EMAIL will remove all the characters that are inappropriate for an email address to contain. That said, it does not validate the data.

Example 1: PHP program to validate URL using FILTER_VALIDATE_URL filter.

// PHP program to validate URL
// Declare variable and initialize it to URL
// Use filter function to validate URL
if (filter_var($url, FILTER_VALIDATE_URL)) {
    echo("valid URL");
else {
    echo("Invalid URL");

Example 2: PHP program to validate email using FILTER_VALIDATE_EMAIL filter.

// PHP program to validate email
// Declare variable and initialize it to email
$email = "";
// Use filter function to validate email
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Valid Email";
else {
    echo "Invalid Email";

Filter Functions: The filter function is used to filter the data coming from insecure source.

  • filter_var(): Filters a specific variable
  • filter_var_array():Filters multiple variable i.e. array of variable
  • filter_has_var(): Check if the variable of specific input type exists or not
  • filter_id():helps to get filter id of the specified filter name
  • filter_list():Returns a list of supported filter name in the form of array.
  • filter_input():Gets an external variable and filters it if set to do so.
  • filter_input_array():same as filter_input() but here Gets multiple variables i.e. array of variable and filters them if set to do so.

Predefined Filter Constants: There are many predefined filter constants which are listed below:

  • Validate filter constants:
    • FILTER_VALIDATE_BOOLEAN: Validates a boolean
    • FILTER_VALIDATE_INT: Validates an integer
    • FILTER_VALIDATE_FLOAT: Validates a float
    • FILTER_VALIDATE_REGEXP: Validates a regular expression
    • FILTER_VALIDATE_IP: Validates an IP address
    • FILTER_VALIDATE_EMAIL: Validates an e-mail address
    • FILTER_VALIDATE_URL: Validates an URL
  • Sanitize filter constants:
    • FILTER_SANITIZE_EMAIL: Removes all illegal characters from an e-mail address
    • FILTER_SANITIZE_ENCODED: Removes/Encodes special characters
    • FILTER_SANITIZE_MAGIC_QUOTES: Apply addslashes() function
    • FILTER_SANITIZE_NUMBER_FLOAT: Remove all characters, except digits, +- and optionally ., eE
    • FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits and + –
    • FILTER_SANITIZE_SPECIAL_CHARS: Removes special characters
    • FILTER_SANITIZE_FULL_SPECIAL_CHARS Encoding quotes can be disabled by using FILTER_FLAG_NO_ENCODE_QUOTES.
    • FILTER_SANITIZE_STRING : Removes tags/special characters from a string
    • FILTER_SANITIZE_URL: Removes all illegal character from s URL
  • Other filter constants:
    • FILTER_UNSAFE_RAW :Do nothing, optionally strip/encode special characters
    • FILTER_CALLBACK :Call a user-defined function to filter data

Note: PHP filters are enabled by defaults in PHP 5.2.0 and newer versions. Installation requires for older versions.


My Personal Notes arrow_drop_up
Last Updated : 13 Feb, 2019
Like Article
Save Article
Similar Reads
Related Tutorials