How to use the Filter Functions in PHP

Posted on

When I started learning PHP (Back in the PHP4 days) validating data was always a pain (for me at least). Most of the resources available cited the POSIX functions as the most effective way of validating an email address or URL.

Thankfully since then, the PHP community has embraced the PCRE functions which are more efficient and are Perl-compatible. However the downside to PCRE (and POSIX for that matter) is that you need to know regular expressions, which for a newbie to learn can feel like walking through a minefield.

Recently though the Filter Functions have become a very popular method to validate data. This is due to their small learning curve.

How to use the Filter Functions

In this example (Using the filter_var() function) the filter function takes the data you input (For example: and will return either the data (if it's valid) or false (if the data is not valid).

// Filter an Email Address
var_dump(filter_var('', FILTER_VALIDATE_EMAIL)); // Returns: string(17) ""

// This is a fake email being filtered.
var_dump(filter_var('', FILTER_VALIDATE_EMAIL)); // Returns: bool(false)

var_dump(filter_var('ema(i)', FILTER_SANITIZE_EMAIL )); // Returns: string(17) ""

// Filter a URL
var_dump(filter_var('', FILTER_VALIDATE_URL)); // Returns: bool(false)

// Filter a URL
var_dump(filter_var('', FILTER_VALIDATE_URL)); // Returns: string(18) ""

// Example usage
$email = ''; // or something submitted from a form.
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){ // If this returns false
    die('The email you send is invalid.');

A handful of the useful available filters are:

  • FILTER_SANITIZE_STRING - Removes HTML tags and possibly unwanted characters.
  • FILTER_SANITIZE_EMAIL - Removes unwanted characters from an email address.
  • FILTER_SANITIZE_URL - Removes unwanted characters from a URL.
  • FILTER_SANITIZE_NUMBER_INT - Returns only digits,  + and -.
  • FILTER_VALIDATE_INT - If data is not an integer it will return false.
  • FILTER_VALIDATE_URL - If data is not a URL it will return false.
  • FILTER_VALIDATE_EMAIL - If data is not an email it will return false.
  • FILTER_VALIDATE_IP - If data is not an IP it will return false.

This was written by Mike Rogers, a freelance Ruby on Rails developer based in London.

Share the ♥ by sharing this!

If you want to discuss this post, feel free to tweet me (@MikeRogers0) or drop me an email. Any code samples unless stated otherwise are licensed under the The MIT License (MIT). Spotted a mistake? Send me a pull request :)