Validating and sanitizing URLs, Emails, and other inputs with PHP’s filter_* functions

PHP has several built-in filter_* functions that can assist with validating and sanitizing email addresses, URLs, strings, integers, float values, etc.

Please note that these functions only validate the structure of email address or URL strings; they don’t check whether the associated domains actually exist. To obtain a list of all available filters on your system, use the filter_list() function:

<?php
 
  foreach (filter_list() as $filter)
  {
    echo $filter . "\n";
  }
 
?>

The code above will result in output similar to:

int
boolean
float
validate_regexp
validate_url
validate_email
validate_ip
string
stripped
encoded
special_chars
unsafe_raw
email
url
number_int
number_float
magic_quotes
callback

PHP’s filter_* functions provide three basic filtering methods:

Validate – Check that data is in the exact format that it should be (e.g. FILTER_VALIDATE_EMAIL).

Sanitize – Clean the data by removing, escaping or encoding invalid characters (e.g. FILTER_SANITIZE_EMAIL).

Flags – Set options for all or specific filters (e.g. FILTER_FLAG_ALLOW_HEX and / or min_range, max_range, etc).

Usage examples:

To validate an email address:

<?php
 
  $email_address = 'willem@geekology..co....za';
 
  // filter_var() returns the filtered value on success and false on failure
  $result = (filter_var($email_address, FILTER_VALIDATE_EMAIL) !== false)
    ? "Valid email address"
    : "Invalid email address";
 
  echo $result;
 
?>

To sanitize an email address:

<?php
 
  $email_address = 'willem@geekology.co. za';
 
  echo filter_var($email_address, FILTER_SANITIZE_EMAIL);
 
?>

To validate a URL:

<?php
 
  $url = 'http://www.geekology..co....za';
 
  // filter_var() returns the filtered value on success and false on failure
  $result = (filter_var($url, FILTER_VALIDATE_URL) !== false)
    ? "Valid URL"
    : "Invalid URL";
 
  echo $result;
 
?>

To sanitize a URL:

<?php
 
  $url = 'http://www.geekology.co. za';
 
  echo filter_var($url, FILTER_SANITIZE_URL);
 
?>

To sanitize a string:

<?php
 
  $string = "hfgsd" . chr(9) . chr(128) . "535";
 
  // Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1
  echo filter_var($string, FILTER_SANITIZE_STRING);
 
?>

To validate an integer within a specified range:

<?php
 
  $integer = 132;
 
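  // Compare against false explicitly: FILTER_VALIDATE_INT returns the integer
  // itself, so a valid 0 would fail a plain truthiness test
  $result = (filter_var($integer, FILTER_VALIDATE_INT,
    array('options'=>
      array('min_range'=>1,
            'max_range'=>10)
      )
    ) !== false)
    ? "Valid integer"
    : "Invalid integer";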
 
  echo $result;
 
?>

To validate an array of values:

<?php
 
  $values = array('name'=>'willem van zyl',
                  'age'=>25,
                  'email'=>'willem@geekology.co. za');
 
  $filters = array('name'=>array('filter'=>FILTER_CALLBACK,
                                 'options'=>'ucwords'),
                   'age'=>array('filter'=>FILTER_VALIDATE_INT,
                                'options'=>array('min_range'=>1, 'max_range'=>120)),
                   'email'=>FILTER_SANITIZE_EMAIL);
 
  // Keys that fail validation come back as false; keys missing from the input come back as null
  print_r(filter_var_array($values, $filters));
 
?>
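
Because these filters only check structure, a caller usually layers its own checks on top. FILTER_VALIDATE_URL accepts any well-formed scheme, not just http, and FILTER_VALIDATE_EMAIL says nothing about whether the domain exists. The following is an added example, not code from the original article; the function names validate_http_url() and validate_email() and the sample inputs are constructed for illustration.

```php
<?php
// Added example; function names and sample inputs are constructed for illustration.

// Structural check plus a scheme allowlist. Returns the URL or null.
function validate_http_url(string $url, array $schemes = ['http', 'https']): ?string
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;                      // not a well-formed URL
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, $schemes, true) ? $url : null;
}

// Structural check, optionally followed by a DNS lookup on the domain part.
// $check_dns needs network access, so it is off by default.
function validate_email(string $email, bool $check_dns = false): ?string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;                      // not a well-formed address
    }
    if ($check_dns) {
        $domain = substr(strrchr($email, '@'), 1);
        if (!checkdnsrr($domain, 'MX') && !checkdnsrr($domain, 'A')) {
            return null;                  // no mail or address record for the domain
        }
    }
    return $email;
}

// Constructed sample inputs
$urls   = ['https://www.example.com/page?id=1', 'ftp://www.example.com/file', 'www.example.com'];
$emails = ['user@example.com', 'user@example..com'];

foreach ($urls as $url) {
    echo $url . ' => ' . (validate_http_url($url) !== null ? 'accepted' : 'rejected') . "\n";
}
foreach ($emails as $email) {
    echo $email . ' => ' . (validate_email($email) !== null ? 'accepted' : 'rejected') . "\n";
}
```

Both functions reject invalid input instead of sanitizing it, so a malformed value is never silently rewritten into something the user did not type.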

More information on PHP’s filter_* functions and their filters / flags can be found here.

 


One Response to “Validating and sanitizing URLs, Emails, and other inputs with PHP’s filter_* functions”

  1. This is a nice article. It is helpful to me. I learned something about this filter function.

    You have done a good job :-)

    Thanks a lot!
