Validating and sanitizing URLs, Emails, and other inputs with PHP’s filter_* functions
Author: willem In: coding, php, web developmentPHP has several built-in filter_* functions that can assist with validating and sanitizing email addresses, URLs, strings, integers, float values, etc.
Please note that this these functions only validate the structure of email address or URL strings, they don’t check if the associated domains actually exist. To obtain a list of all available filters on your system, use the results from the filter_list() function:
<?php foreach (filter_list() as $filter) { echo $filter . "\n"; } ?>
The code above will result in output similar to:
int boolean float validate_regexp validate_url validate_email validate_ip string stripped encoded special_chars unsafe_raw email url number_int number_float magic_quotes callback
PHP’s filter_* functions provide three basic filtering methods:
Validate - Check that data is in the exact format that it should be (e.g. FILTER_VALIDATE_EMAIL).
Sanitize - Clean the data by removing, escaping or encoding invalid characters (e.g. FILTER_SANITIZE_EMAIL).
Flags - Set options for all or specific filters (e.g. FILTER_FLAG_ALLOW_HEX and / or min_range, max_range, etc).
Usage examples:
To validate an email address:
<?php $email_address = 'willem@geekology..co....za'; (filter_var($email_address, FILTER_VALIDATE_EMAIL)) ? $result = "Valid email address" : $result = "Invalid email address"; echo $result; ?>
To sanitize an email address:
<?php $email_address = 'willem@geekology.co. za'; echo filter_var($email_address, FILTER_SANITIZE_EMAIL); ?>
To validate a URL:
<?php $url = 'http://www.geekology..co....za'; (filter_var($url, FILTER_VALIDATE_URL)) ? $result = "Valid URL" : $result = "Invalid URL"; echo $result; ?>
To sanitize a URL:
<?php $url = 'http://www.geekology.co. za'; echo filter_var($url, FILTER_SANITIZE_URL); ?>
To sanitize a string:
<?php $string = "hfgsd" . chr(9) . chr(128) . "535"; echo filter_var($string, FILTER_SANITIZE_STRING); ?>
To validate an integer within a specified range:
<?php $integer = 132; (filter_var($integer, FILTER_VALIDATE_INT, array('options'=> array('min_range'=>1, 'max_range'=>10) ) )) ? $result = "Valid integer" : $result = "Invalid integer"; echo $result; ?>
To validate an array of values:
<?php $values = array('name'=>'willem van zyl', 'age'=>25, 'email'=>'willem@geekology.co. za'); $filters = array('name'=>array('filter'=>FILTER_CALLBACK, 'options'=>'ucwords'), 'age'=>array('filter'=>FILTER_VALIDATE_INT, 'options'=>array('min_range'=>1, 'max_range'=>120)), 'email'=>FILTER_SANITIZE_EMAIL); print_r(filter_var_array($values, $filters)); ?>
More information on PHP’s filter_* functions and their filters / flags can be found here.
Related posts:
- Editing, Validating and Querying XML with the XMLStarlet command line utility
- Sending emails with attachments using PHP’s mail() function
- A simpler way to send Text or HTML emails with attachments in PHP
- Using Regular Expressions - Part 2 of 3 - Regex in PHP
- Transfer your business emails to Google Apps with Google Email Uploader for Mac
Like this post? Subscribe to the Geekology RSS 2.0 feed!












Leave a reply