Sjoerd Maessen blog

Input validation with filter functions

Written by

in

Introduction
Although PHP has a lot of filter functions available, I found that still to many people are using (often incorrect) regular expressions to validate user input. The filter extension is simple, standard available and will fulfill the common validations. Below some pratical examples and things to consider when working with PHP filter functions.

Which are available?
Below a shameless copy paste of the PHP documentation.

  • filter_has_var — Checks if variable of specified type exists
  • filter_id — Returns the filter ID belonging to a named filter
  • filter_input_array — Gets external variables and optionally filters them
  • filter_input — Gets a specific external variable by name and optionally filters it
  • filter_list — Returns a list of all supported filters
  • filter_var_array — Gets multiple variables and optionally filters them
  • filter_var — Filters a variable with a specified filter

Pratical use

Sanitizing
“Filter input escape output” every developer knows this but it is a repetitive job but with the filter extension filterering input became a lot easier. When you correctly filter input you drastically lower the change of application vulnerabilities.

Sanitizing a single variable

$sText = ' ';
$sText = filter_var($sText, FILTER_SANITIZE_STRING);
echo $sText; // This is a comment from a alert("scriptkiddie");

Sanitizing multiple variables, same principle as above but with an array, the filter will sanitize all values inside the array

filter_var_array($_POST, FILTER_SANITIZE_STRING);

Validating an email address

if(filter_var($sEmail, FILTER_VALIDATE_EMAIL) === false) {
     $this->addError('Invalid email address', $sEmail);
}

Validation a complete array
Validating all your data at once with a single filter will make your code clear, all in one place and is more easy to maintain an example below.

$aData = array(
	'student'	=> 'Sjoerd Maessen',
	'class'		=> '21',
	'grades' => array(
			'math' => 9,
			'geography' => 66,
			'gymnastics' => 7.5
	)
);

$aValidation = array(
	'student'	=> FILTER_SANITIZE_STRING,
	'class'		=> FILTER_VALIDATE_INT,
	'grades'	=> array(
				'filter' => FILTER_VALIDATE_INT,
				'flags'	 => FILTER_FORCE_ARRAY,
				'options'=> array('min_range'=>0, 'max_range'=>10))
);

echo '
';
var_dump(filter_var_array($aData, $aValidation));

/*array(3) {
  ["student"]=>
  string(14) "Sjoerd Maessen"
  ["class"]=>
  int(21) // Thats strange, my string is converted
  ["grades"]=>
  array(3) {
    ["math"]=>
    int(9)
    ["geography"]=>
    bool(false) // 66 is > 10
    ["gymnastics"]=>
    bool(false) // 7.5 is not an int
  }
}*/



Note: okay I did not expect that the string '21' would validate true against FILTER_VALIDATE_INT, after some more testing I also noticed that min_range and max_range only work with FILTER_VALIDATE_INT, when using floats or scalars the options are just ignored, so be aware!


The sanitizing examples above can be made easily more restrictive by adding flags like FILTER_FLAG_STRIP_LOW to the sanitize filter, FILTER_FLAG_STRIP_LOW will for example strip all characters that have a numerical value below 32.


Things to consider

Although the filter functions are some time available some of them aren't flawless, at some points the documentation is missing or very unclear. Another example is the filter_var validation for IPv6 addresses. (see bug report #50117). So it is always a good thing to check if the filter is really doing what you expect it does. Write testcases before using. If you use it correctly you can write your validations in the blink of an eye, and this extension will be your new best friend.


Links

Filter functions

Filter flags

Comments

2,750 responses to “Input validation with filter functions”

  1. Michaelanoli Avatar
    Michaelanoli

    https://umassindiapharm.xyz/# Umass India Pharm

  2. Kennethdiera Avatar
    Kennethdiera

    canadapharmacyonline legit: Nyu Pharm – canadian pharmacy king reviews

  3. JosephBab Avatar
    JosephBab

    Unm Pharm: Unm Pharm – Unm Pharm

  4. CraigKab Avatar
    CraigKab

    top online pharmacy india Online medicine order Umass India Pharm

  5. Kennethdiera Avatar
    Kennethdiera

    Unm Pharm: buying from online mexican pharmacy – mexican online pharmacies prescription drugs

  6. JosephBab Avatar
    JosephBab

    Unm Pharm: Unm Pharm – Unm Pharm

  7. Michaelanoli Avatar
    Michaelanoli

    https://nyupharm.com/# canadianpharmacymeds com

  8. CraigKab Avatar
    CraigKab

    Umass India Pharm buy prescription drugs from india Umass India Pharm

  9. DelmarDap Avatar
    DelmarDap

    http://nyupharm.com/# legitimate canadian pharmacy online

  10. Kennethdiera Avatar
    Kennethdiera

    best mexican online pharmacies: Unm Pharm – Unm Pharm

  11. JosephBab Avatar
    JosephBab

    online canadian pharmacy: Nyu Pharm – legal canadian pharmacy online

  12. Michaelanoli Avatar
    Michaelanoli

    https://unmpharm.xyz/# zithromax mexican pharmacy

  13. Colindag Avatar
    Colindag

    регистрация в sykaaa casino

  14. Kennethdiera Avatar
    Kennethdiera

    reddit canadian pharmacy: Nyu Pharm – canadian pharmacy review

  15. CraigKab Avatar
    CraigKab

    indian pharmacy online india pharmacy mail order cheapest online pharmacy india

  16. JosephBab Avatar
    JosephBab

    viagra pills from mexico: legit mexico pharmacy shipping to USA – accutane mexico buy online

  17. DelmarDap Avatar
    DelmarDap

    https://nyupharm.xyz/# reliable canadian pharmacy

  18. Michaelanoli Avatar
    Michaelanoli

    https://umassindiapharm.xyz/# reputable indian pharmacies

  19. Kennethdiera Avatar
    Kennethdiera

    purple pharmacy mexico price list: Unm Pharm – Unm Pharm

  20. JustinBucky Avatar
    JustinBucky

    Зайди на обновленный официальный сайт > http://www.medtronik.ru/

  21. JosephBab Avatar
    JosephBab

    buy drugs from canada: northwest pharmacy canada – canadapharmacyonline com

  22. Michaelanoli Avatar
    Michaelanoli

    https://unmpharm.xyz/# Unm Pharm

  23. ArthurAcams Avatar
    ArthurAcams

    бездепозитные бонусы в казино 2026

  24. CraigKab Avatar
    CraigKab

    canadian online drugs Nyu Pharm canada pharmacy reviews

  25. Kennethdiera Avatar
    Kennethdiera

    canadianpharmacy com: canadian pharmacy king reviews – real canadian pharmacy

  26. JosephBab Avatar
    JosephBab

    Umass India Pharm: buy prescription drugs from india – Umass India Pharm

  27. Michaelanoli Avatar
    Michaelanoli

    https://unmpharm.com/# Unm Pharm

  28. CraigKab Avatar
    CraigKab

    Unm Pharm buy antibiotics over the counter in mexico buy cialis from mexico

  29. Kennethdiera Avatar
    Kennethdiera

    indian pharmacy online: best online pharmacy india – Umass India Pharm

  30. JosephBab Avatar
    JosephBab

    Umass India Pharm: Umass India Pharm – Umass India Pharm

  31. Michaelanoli Avatar
    Michaelanoli

    https://nyupharm.xyz/# canadian pharmacy 24 com

  32. DelmarDap Avatar
    DelmarDap

    https://unmpharm.xyz/# Unm Pharm

  33. AaronSeday Avatar
    AaronSeday

    новые бездепозитные бонусы в казино

  34. Kennethdiera Avatar
    Kennethdiera

    Umass India Pharm: best india pharmacy – best online pharmacy india

  35. JosephBab Avatar
    JosephBab

    trustworthy canadian pharmacy: canadianpharmacyworld – cheap canadian pharmacy

  36. Michaelanoli Avatar
    Michaelanoli

    https://unmpharm.com/# mexican pharmacy for americans

  37. CraigKab Avatar
    CraigKab

    india online pharmacy Umass India Pharm mail order pharmacy india

  38. DelmarDap Avatar
    DelmarDap

    http://umassindiapharm.com/# Umass India Pharm

  39. Kennethdiera Avatar
    Kennethdiera

    cheap canadian pharmacy: adderall canadian pharmacy – northwest canadian pharmacy

  40. JosephBab Avatar
    JosephBab

    buy antibiotics over the counter in mexico: Unm Pharm – online mexico pharmacy USA

  41. Michaelanoli Avatar
    Michaelanoli

    https://nyupharm.xyz/# legitimate canadian pharmacies

  42. CraigKab Avatar
    CraigKab

    Umass India Pharm Umass India Pharm Umass India Pharm

  43. Kennethdiera Avatar
    Kennethdiera

    buying from online mexican pharmacy: Unm Pharm – Unm Pharm

  44. JosephBab Avatar
    JosephBab

    safe place to buy semaglutide online mexico: Unm Pharm – finasteride mexico pharmacy

  45. Michaelanoli Avatar
    Michaelanoli

    http://umassindiapharm.com/# best india pharmacy

  46. Kennethdiera Avatar
    Kennethdiera

    Umass India Pharm: online shopping pharmacy india – Umass India Pharm

  47. JosephBab Avatar
    JosephBab

    Umass India Pharm: online pharmacy india – india online pharmacy

  48. Roberttar Avatar
    Roberttar

    новые бездепозитные бонусы в казино

  49. Michaelanoli Avatar
    Michaelanoli

    http://nyupharm.com/# canada drugs

  50. CraigKab Avatar
    CraigKab

    buy canadian drugs Nyu Pharm canada pharmacy

Older Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts