PHP filter_var() Function with Examples

What is filter_var()?

filter_var() is a PHP function that filters a variable with a specified filter. In PHP, we can use filter_var() to validate and sanitize data such as an email address, an IP address, etc.

Validation means to check if the data entered by the user is in the proper format or not. For example, when validating an email we can check if ‘@’ is present or not. Validation can be performed on integers, float, string, URL, e-mail, etc.

Sanitization means to remove unnecessary or illegal characters from the data. Sanitization helps us in removing illegal characters entered by the user.

To ensure the security of your website data, you need to perform both sanitization and validation. Sanitization doesn’t necessarily mean the data is in a proper format, and validation doesn’t mean the user input is 100% correct either.

This is where filter_var() function comes to the rescue.

Basic Syntax of filter_var() Function

filter_var ( mixed $variable [, int $filter = FILTER_DEFAULT [, mixed $options ]] ) : mixed 

Parameters of filter_var() Function

variable

It is the value that needs to be filtered.

Note: Scalar values are converted to string internally before getting filtered.

filter

It is an optional parameter which represents the name or ID of the filter to be used. If this parameter is omitted, FILTER_DEFAULT is used, which results in no filtering.

options

Also an optional parameter. It specifies one or more flags/options to be used; each filter accepts its own set of flags and options.

Return Value

If successful, it returns the filtered value; otherwise it returns FALSE.

PHP filter_var() Examples

1. Sanitize and Validate an Email Address

<?php
// Variable to check
$email = "test@test.com";
// Remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
// Validate e-mail
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo("$email is a valid email address");
} else {
    echo("$email is not a valid email address");
}
?>

Output

test@test.com is a valid email address

Code Explanation

In the above code, filter_var() function is used for sanitization and validation.

Here we have a variable ‘$email’ set to the email address "test@test.com". In the next line, we use filter_var() for sanitization. After this, we validate the e-mail and use an if-else block to echo whether it is valid or not. If it is valid, "$email is a valid email address" is echoed; otherwise "$email is not a valid email address" is echoed on the screen.

2. Sanitize a String

<?php
// Variable to check
$string = "<p><strong>This is a Stechies !</strong></p>";
// Strip HTML tags from the string.
// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$string = filter_var($string, FILTER_SANITIZE_STRING);
echo $string;
?>

Output

This is a Stechies!

3. Validate an Integer Number

<?php
// Variable to check
$intnum = 1000022;
// Compare with !== false: a valid 0 is falsy and would otherwise be rejected
if (filter_var($intnum, FILTER_VALIDATE_INT) !== false) {
    echo("$intnum is a valid integer number");
} else {
    echo("$intnum is not a valid integer number");
}
?>

4. Validate a Float Number

<?php
// Variable to check
$floatnum = 11.11;
// Compare with !== false: a valid 0.0 is falsy and would otherwise be rejected
if (filter_var($floatnum, FILTER_VALIDATE_FLOAT) !== false) {
    echo("$floatnum is a valid float number");
} else {
    echo("$floatnum is not a valid float number");
}
?>

5. Validate an IP Address

<?php
// Variable to check
$ipadd = '192.168.1.1';
if (filter_var($ipadd, FILTER_VALIDATE_IP)) {
    echo("$ipadd is a valid IP address");
} else {
    echo("$ipadd is not a valid IP address");
}
?>

Output

192.168.1.1 is a valid IP address

6. Sanitize and Validate a URL

<?php
// Variable to check
$url = "https://www.stechies.com/";
// Remove all illegal characters from url
$url = filter_var($url, FILTER_SANITIZE_URL);
// Validate url (filter_var() returns false on failure)
if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
    echo("$url is a valid URL");
} else {
    echo("$url is not a valid URL");
}
?>

Output

https://www.stechies.com/ is a valid URL

Valid and Not Valid URL

| URL | Valid/Invalid |
| --- | --- |
| https://www.stechies.com/ | Valid |
| htssssstps://ww3333w.stsssssechies.csssom/ | Valid |
| https::////www.stechies.com/ | Invalid |
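
The URL list above shows that FILTER_VALIDATE_URL checks syntax only: the entry with a made-up scheme and host still passes. The following added example (not from the original article) layers a scheme allowlist on top of it; isHttpUrl() and $allowedSchemes are hypothetical names, and the sample inputs are constructed from the entries above plus one FTP URL.

```php
<?php
// Added example, not from the original article. isHttpUrl() and
// $allowedSchemes are hypothetical names chosen for this illustration.

/**
 * Return the URL if it is syntactically valid AND uses an allowed scheme,
 * otherwise false. FILTER_VALIDATE_URL on its own checks syntax only.
 */
function isHttpUrl(string $input, array $allowedSchemes = ['http', 'https'])
{
    // Step 1: syntax check. Compare with === false instead of truthiness.
    $url = filter_var($input, FILTER_VALIDATE_URL);
    if ($url === false) {
        return false;
    }

    // Step 2: split the URL and require the parts the application needs.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }

    // Schemes are case-insensitive, so normalise before the strict lookup.
    if (!in_array(strtolower($parts['scheme']), $allowedSchemes, true)) {
        return false;
    }

    return $url;
}

// Constructed sample inputs: the three URLs listed above plus an FTP URL.
$samples = [
    'https://www.stechies.com/',
    'htssssstps://ww3333w.stsssssechies.csssom/',
    'https::////www.stechies.com/',
    'ftp://www.stechies.com/file.txt',
];

foreach ($samples as $s) {
    // Show the raw filter result next to the stricter check.
    $syntaxOk = filter_var($s, FILTER_VALIDATE_URL) !== false;
    $accepted = isHttpUrl($s) !== false;
    printf("%-45s syntax:%-4s accepted:%s\n", $s,
        $syntaxOk ? 'yes' : 'no', $accepted ? 'yes' : 'no');
}
```

A scheme allowlist is still a format-level check: it says nothing about whether the host exists or is one the application should connect to.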