Updated March 28, 2023
Introduction to PHP filter_var
Php filter_var() is a function that is used to filter a given variable with a specified filter. To sanitize and validate the data such as email_id, IP address, etc., in Php, the filter_var() function is used (which contains the data). Validation in the text means whether the entered data is in the correct format or not. For example, in an email id of the person, whether the ‘@’ sign is present or not. In a phone number field, all the numbers or digits should be present. Sanitization means to sanitize the data entered or remove the illegal or unnecessary characters from it to prevent any future issues. For example, removing unnecessary symbols and characters from user email.
Syntax:
Below given is the basic syntax of filter_var() function in Php:
filter_var(variable, filtername, options)
where,
- variable: This parameter stands for the variable field, the variable which needs to be filtered. It is the mandatory field.
- filtername: This parameter stands for the name of the filter which the user wants to use. It is an optional parameter. If not specified, FILTER_DEFAULT is used, which means that not filtering would be done to the given variable.
- options: This parameter is optional. It specifies the options/ flags to be used. It is basically an associative array of bitwise disjunctions of flags or options. If this parameter is used in the filter_var() function, a flag must be provided in the ‘flags’ field, and a callable type must be passed for the callback function. After accepting all the parameters, the filtered and sanitized variable is returned.
Return Value: The above function returns the filtered value or false if the data/ variable does not get filtered.
How does the filter_var function work in Php?
In PHP, the filter_var() method accepts the above-explained various parameters and returns the validated/ sanitized data. Validation means checking the format of the data as specified by the programmer, and Sanitization means removing the unnecessary characters from the data to return the data as required by the programmer.
Examples of PHP filter_var
Let us understand the working of the filter_var() function in Php along with the examples:
Example #1
Validating an Integer value using filter_var() function:
Code:
<!DOCTYPE html>
<html>
<body>
<?php
// Integer value to check
$value = 789787;
// passing the value in the filter_var() function
if (filter_var($value, FILTER_VALIDATE_INT))
{
echo("Congratulations!!! $value is a valid integer value");
}
else
{
echo("Sorry!! $value is not a valid integer value");
}
?>
</body>
</html>
Output:
Explanation:
In the above code, the Integer value to be validated is stored in the variable ‘value’ and is then passed in the filter_var() method along with the ‘FILTER_VALIDATE_INT’ filter name to validate it. Finally, conditional operators if and else are applied to check the condition, and the respective output is printed on the console using the ‘echo.’
Example #2
Validating the IP address of the computer device using the filter_var() function
Code:
<!DOCTYPE html>
<html>
<body>
<?php
// Ip Address to validate
$ip = '180.0.0';
//Passing the ip address and applying the specific ip filter name
if (filter_var($ip, FILTER_VALIDATE_IP)){
echo("Congratulations!! $ip is a valid IP address, passed by the you");
}
else
{
echo("Sorry $ip is an incorrect IP address");
}
?>
</body>
</html>
Output:
Explanation:
In the above code, the IP address of the computer or any other network device is validated using the filter_var() method. The ip address that is to be validated is stored in the variable ‘ip.’ Since the IP address has its specific format ‘x.y.z.w,’ it is validated using the ‘FILTER_VALIDATE_IP’ in the filter_var() function. Finally, the ip address passed is validated, and the respective output is printed on the console using ‘echo.’
Example #3
Sanitizing and Validating the URL address using the filter_var() function
Code:
<!DOCTYPE html>
<html>
<body>
<?php
// URL which is to be checked
$check_url = "https::////www.abc.com//";
// Sanitizing the URL by removing unnecessary characters from it if any
$check_url = filter_var($check_url, FILTER_SANITIZE_URL);
// Validating the url by passing the appropriate filter name and the sanitized url
if(!filter_var($check_url, FILTER_VALIDATE_URL) == false) {
echo("Congratulations!!! $check_url is the correct URL");
}
else
{
echo("Sorry!! $check_url is an invalid URL");
}
?>
</body>
</html>
Output:
Explanation:
In the above code, the URL address, which has a specific format, is sanitized first and then validated using the filter_var() method. The URL to be checked is stored in the variable ‘check_url.’ To sanitize the url, ‘FILTER_SANITIZE_URL’ is passed as a filter name along with the url. Once sanitized, url is then validated using the ‘FILTER_VALIDATE_URL’ filter name along with the url, and the respective output on validation is printed on the console using ‘echo.’
Example #4
Validating the email address of the user using the filter_var() function
Code:
<!DOCTYPE html>
<html>
<body>
<?php
// email address to be checked
$email_check = "[email protected]";
// Validating the email by passing the email address and the filtername
if (filter_var($email_check, FILTER_VALIDATE_EMAIL))
{
echo("Congratulations!! $email_check is a valid email address");
}
else
{
echo("Sorry!! You have entered an incorrect email address");
}
?>
</body>
</html>
Output:
Explanation:
In the above example, the email address which is to be checked is stored in the variable ‘email_check.’ It is validated using the filter_var() function in Php, bypassing the email variable and the respective filter name (FILTER_VALIDATE_EMAIL). Since the passed email is invalid, so the response is printed on the console using the ‘echo.’
Example #5
Code:
<!DOCTYPE html>
<html>
<?php
// Integer value to be checked
$value = 465675;
// Validating the above integer value range using the 'options' parameter
if(filter_var($value, FILTER_VALIDATE_INT, array("options" => array("min_range" => 10,"max_range" => 4000))))
{
echo "Integer $value is within the specified range";
}
else
{
echo "Sorry!! Integer $value is not in the range provided by you";
}
?>
</body>
</html>
Output:
Explanation:
In the above example, the Integer value is to be validated for the given range, i.e., 10 to 400 is tested. Then, in the filter_var() function, the value to be tested is passed along with the filter name (FILTER_VALIDATE_INT) and 1 optional parameter, i.e., ‘options’ having the array with the minimum and maximum range specified. Finally, the variable is validated, and accordingly, the response is printed on the console using the ‘echo.’
Conclusion
The above description clearly explains what is filter_var() functions in Php and how it works to validate and sanitize the variable passed in it. It is one of the important functions that programmers commonly use to filter the data to prevent a security breach. However, this function facilitates the use of different filters by passing the different parameters according to the specific requirements, so the programmer needs to understand it deeply before using it in the program.
Recommended Articles
This is a guide to PHP filter_var. Here we discuss the introduction, syntax, and working of the filter_var function in Php along with different examples and code implementation. You may also have a look at the following articles to learn more –