How to use the Filter Functions in PHP

When I started learning PHP (back in the PHP4 days), validating data was always a pain (for me at least). Most of the resources available cited the POSIX functions as the most effective way of validating an email address or URL.

Thankfully, since then the PHP community has embraced the PCRE functions, which are more efficient and are Perl-compatible. However, the downside to PCRE (and POSIX for that matter) is that you need to know regular expressions, which for a newbie can feel like walking through a minefield.

Recently, though, the Filter Functions have become a very popular method to validate data. This is due to their small learning curve.

How to use the Filter Functions

In this example (using the filter_var() function), the filter function takes the data you input (for example, an email address) and returns either the data (if it's valid) or false (if the data is not valid).

<?php
// Filter an email address (constructed sample address).
var_dump(filter_var('email@example.com', FILTER_VALIDATE_EMAIL)); // Returns: string(17) "email@example.com"

// This is a fake email being filtered.
var_dump(filter_var('', FILTER_VALIDATE_EMAIL)); // Returns: bool(false)

// Sanitizing removes the characters that are not allowed in an email address.
var_dump(filter_var('ema(i)l@example.com', FILTER_SANITIZE_EMAIL)); // Returns: string(17) "email@example.com"

// Filter a URL
var_dump(filter_var('', FILTER_VALIDATE_URL)); // Returns: bool(false)

// Filter a URL (constructed sample URL).
var_dump(filter_var('http://example.com', FILTER_VALIDATE_URL)); // Returns: string(18) "http://example.com"

// Example usage
$email = 'email@example.com'; // or something submitted from a form.
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { // If this returns false
	die('The email you sent is invalid.');
}

A handful of the useful available filters are:

  • FILTER_SANITIZE_STRING - Removes HTML tags and possibly unwanted characters (deprecated as of PHP 8.1).
  • FILTER_SANITIZE_EMAIL - Removes unwanted characters from an email address.
  • FILTER_SANITIZE_URL - Removes unwanted characters from a URL.
  • FILTER_SANITIZE_NUMBER_INT - Returns only digits, + and -.
  • FILTER_VALIDATE_INT - If data is not an integer it will return false.
  • FILTER_VALIDATE_URL - If data is not a URL it will return false.
  • FILTER_VALIDATE_EMAIL - If data is not an email it will return false.
  • FILTER_VALIDATE_IP - If data is not an IP it will return false.
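
The following is an added example, not code from the original article. It combines several of the filters listed above to validate a form and handles the cases where a bare `!filter_var(...)` check or FILTER_VALIDATE_URL alone is not enough. The function name, field names, ranges and sample values are assumptions.

```php
<?php
// Added example, not from the original article. Field names and limits are assumptions.

/** Validate untrusted form fields; returns [clean values, names of rejected fields]. */
function validate_form(array $in): array
{
    $clean = [];
    $errors = [];

    // Validate the raw value. Sanitizing first can turn bad input into a "valid" address.
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);

    // "0" validates to int(0), which is falsy, so results are compared with === false.
    $quantity = filter_var($in['quantity'] ?? '', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 100],
    ]);

    // FILTER_VALIDATE_URL checks syntax only and accepts any scheme: allow-list http(s).
    $website = filter_var($in['website'] ?? '', FILTER_VALIDATE_URL);
    if ($website !== false) {
        $scheme = strtolower((string) parse_url($website, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $website = false;
        }
    }

    // Flags narrow a filter: here private and reserved address ranges are rejected.
    $ip = filter_var($in['ip'] ?? '', FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);

    foreach (compact('email', 'quantity', 'website', 'ip') as $field => $value) {
        if ($value === false) {
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample input, as if taken from $_POST.
[$clean, $errors] = validate_form([
    'email'    => 'email@example.com',
    'quantity' => '0',
    'website'  => 'ftp://example.com/file',
    'ip'       => '10.0.0.5',
]);
var_dump($clean, $errors);
```

With this sample input the quantity "0" is accepted as the integer 0, while the ftp URL and the private IP address are reported in `$errors`.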