Work with a Filter in PHP


Introduction

Hi guys, in this article we are going to understand the concept of the PHP filter. First of all, we need to understand the concept thoroughly. You must have the XAMPP server installed.


Concept

PHP filters are used to validate and filter data coming from insecure sources, like user input. Validating and filtering user input or custom data is an important part of any web application.

Reasons to use PHP filter

Almost all web applications depend on external input. This input can come from a user or from another application, such as a web service. By using filters, you can easily validate user input and be sure your application gets the correct input type.
 
Input filtering is one of the most important application security issues. So how many kinds of external input can we use in our web application? They are as follows:

  • Cookies
  • Input from the form
  • Web services
  • Database query result
  • Server variable

Functions and Filters in PHP

To filter a variable, use one of the following filter functions:

  • filter_var() - Filters a single variable with a specified filter.
  • filter_var_array() - Filter several variables with the same or different filters.
  • filter_input() - Get one input variable and filter it.
  • filter_input_array() - Get several input variables and filter them with the same or different filters.

There are three kinds of filters available for this purpose:

  • Validating filters
  • Sanitizing filters
  • Options and Flags

Validating filters

  • Are used to validate user input
  • Strict format rules (like URL or E-Mail validating)
  • Returns the expected type on success or FALSE on failure

Sanitizing filters

  • Are used to allow or disallow specified characters in a string
  • No data format rules
  • Always return the string

Options and Flags

Options and flags are used to add additional filtering options to the specified filters.

Let us see the way to validate the Input

Validate Input

In this part we look at validating input. The first thing to do is confirm that the input data we are looking for exists. Then we filter the input data using the filter_input() function.

<?php
// First confirm that the "email" GET variable exists at all
if (!filter_has_var(INPUT_GET, "email"))
{
    echo "Input type does not exist";
}
else
{
    // FILTER_VALIDATE_EMAIL returns the address on success or FALSE on failure
    if (!filter_input(INPUT_GET, "email", FILTER_VALIDATE_EMAIL))
    {
        echo "E-Mail is not valid";
    }
    else
    {
        echo "E-Mail is valid";
    }
}
?>

Sanitize Input

First we confirm that the input data we are looking for exists. Then we sanitize the input data using the filter_input() function.

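<?php
// First confirm that the "url" POST variable exists at all
if (!filter_has_var(INPUT_POST, "url"))
{
    echo "Input type does not exist";
}
else
{
    // FILTER_SANITIZE_URL removes characters that are illegal in a URL;
    // it does not check that the result is a valid URL
    $url = filter_input(INPUT_POST, "url", FILTER_SANITIZE_URL);
}
?>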

Filter Multiple Inputs

As we know, a web form can have multiple input fields. To avoid calling the filter_var() or filter_input() functions over and over, we can use the filter_var_array() or filter_input_array() functions.

Let's look at the above concept with an example:

<html>
<head>
</head>
<body bgcolor="lightgreen">
<center>
<h3><marquee>Filter function in PHP</marquee></h3> <hr>
<?php
// Map each input variable to the filter (and options) applied to it
$filters = array
  (
  // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1
  "name" => array
    (
    "filter"=>FILTER_SANITIZE_STRING
    ),
  "age" => array
    (
    "filter"=>FILTER_VALIDATE_INT,
    "options"=>array
      (
      "min_range"=>1,
      "max_range"=>120
      )
    ),
  "email"=> FILTER_VALIDATE_EMAIL,
  );

// Filter all GET variables in one call
$result = filter_input_array(INPUT_GET, $filters);

// A variable that failed validation is FALSE in $result
if (!$result["age"])
  {
  echo("DEEPAK :Age must be a number between 1 and 120.<br />");
  }
elseif(!$result["email"])
  {
  echo("E-Mail is not valid.<br />");
  }
else
  {
  echo("User input is valid");
  }
?>
</center>
</body>
</html>

Save it as fil.php

Output of above code

To run the code, open the XAMPP server and start services such as Apache and MySQL. Then open the browser and type: http://localhost/yourfoldername/fil.php


Elaboration of code

There are three inputs (name, age and email) sent to it using the "GET" method:

  • Set an array containing the name of input variables and the filters used on the specified input variables
  • Call the filter_input_array() function with the GET input variables and the array we just set
  • Check the "age" and "email" variables in the $result variable for invalid inputs. (If any of the input variables are invalid, that input variable will be FALSE after the filter_input_array() function)
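
The last point above says an invalid variable becomes FALSE; a variable that was never sent comes back as NULL, and a valid integer 0 is also falsy, so a loose `!$value` test cannot tell the three apart. The following is an added example, not code from the original article: it uses filter_var_array() on constructed sample arrays so it runs from the command line, and it assumes a hypothetical checkInputs() helper and an age range widened to start at 0.

```php
<?php
// Added example: filter_var_array() stands in for filter_input_array()
// so the script runs from the command line on constructed data.

// checkInputs() is a hypothetical helper, not part of the article's code.
function checkInputs(array $input): array
{
    $filters = [
        'age' => [
            'filter'  => FILTER_VALIDATE_INT,
            // Assumption: range starts at 0 here so that a valid value can be falsy
            'options' => ['min_range' => 0, 'max_range' => 120],
        ],
        'email' => FILTER_VALIDATE_EMAIL,
    ];

    // Keys absent from $input come back as NULL, failed validation as FALSE
    $clean = filter_var_array($input, $filters);

    $status = [];
    foreach ($clean as $field => $value) {
        if ($value === null) {
            $status[$field] = 'missing';
        } elseif ($value === false) {
            $status[$field] = 'invalid';
        } else {
            $status[$field] = 'ok';
        }
    }
    return [$clean, $status];
}

// Constructed sample submissions
$samples = [
    ['age' => '0',   'email' => 'alice@example.com'], // 0 is valid but falsy
    ['age' => '130', 'email' => 'not-an-email'],      // both fail validation
    ['email' => 'bob@example.com'],                   // age not sent at all
];

foreach ($samples as $input) {
    [$clean, $status] = checkInputs($input);
    foreach ($status as $field => $state) {
        // The loose !$value test cannot tell 0, FALSE and NULL apart
        $loose = !$clean[$field] ? 'rejected' : 'accepted';
        printf("%-6s strict: %-8s loose: %s\n", $field, $state, $loose);
    }
    echo "\n";
}
```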

Conclusion: Filtering plays an important role in web application development.

Thanks !!