Input validation with filter functions
Introduction
Although PHP has a lot of filter functions available, I found that still to many people are using (often incorrect) regular expressions to validate user input. The filter extension is simple, standard available and will fulfill the common validations. Below some pratical examples and things to consider when working with PHP filter functions.
Which are available?
Below a shameless copy paste of the PHP documentation.
- filter_has_var — Checks if variable of specified type exists
- filter_id — Returns the filter ID belonging to a named filter
- filter_input_array — Gets external variables and optionally filters them
- filter_input — Gets a specific external variable by name and optionally filters it
- filter_list — Returns a list of all supported filters
- filter_var_array — Gets multiple variables and optionally filters them
- filter_var — Filters a variable with a specified filter
Pratical use
Sanitizing
“Filter input escape output” every developer knows this but it is a repetitive job but with the filter extension filterering input became a lot easier. When you correctly filter input you drastically lower the change of application vulnerabilities.
Sanitizing a single variable
$sText = ' ';
$sText = filter_var($sText, FILTER_SANITIZE_STRING);
echo $sText; // This is a comment from a alert("scriptkiddie");
Sanitizing multiple variables, same principle as above but with an array, the filter will sanitize all values inside the array
filter_var_array($_POST, FILTER_SANITIZE_STRING);
Validating an email address
if(filter_var($sEmail, FILTER_VALIDATE_EMAIL) === false) {
$this->addError('Invalid email address', $sEmail);
}
Validation a complete array
Validating all your data at once with a single filter will make your code clear, all in one place and is more easy to maintain an example below.
$aData = array(
'student' => 'Sjoerd Maessen',
'class' => '21',
'grades' => array(
'math' => 9,
'geography' => 66,
'gymnastics' => 7.5
)
);
$aValidation = array(
'student' => FILTER_SANITIZE_STRING,
'class' => FILTER_VALIDATE_INT,
'grades' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_FORCE_ARRAY,
'options'=> array('min_range'=>0, 'max_range'=>10))
);
echo '';
var_dump(filter_var_array($aData, $aValidation));
/*array(3) {
["student"]=>
string(14) "Sjoerd Maessen"
["class"]=>
int(21) // Thats strange, my string is converted
["grades"]=>
array(3) {
["math"]=>
int(9)
["geography"]=>
bool(false) // 66 is > 10
["gymnastics"]=>
bool(false) // 7.5 is not an int
}
}*/
Note: okay I did not expect that the string '21' would validate true against FILTER_VALIDATE_INT, after some more testing I also noticed that min_range and max_range only work with FILTER_VALIDATE_INT, when using floats or scalars the options are just ignored, so be aware!
The sanitizing examples above can be made easily more restrictive by adding flags like FILTER_FLAG_STRIP_LOW to the sanitize filter, FILTER_FLAG_STRIP_LOW will for example strip all characters that have a numerical value below 32.
Things to consider
Although the filter functions are some time available some of them aren't flawless, at some points the documentation is missing or very unclear. Another example is the filter_var validation for IPv6 addresses. (see bug report #50117). So it is always a good thing to check if the filter is really doing what you expect it does. Write testcases before using. If you use it correctly you can write your validations in the blink of an eye, and this extension will be your new best friend.
Links
Filter functions
Filter flags
gabapentin mexican pharmacy [url=http://mexicarerxhub.com/#]order from mexican pharmacy online[/url] trusted mexico pharmacy with US shipping
JamesCoaby
31 Jul 25 at 7:59 pm
https://mexicarerxhub.shop/# MexiCare Rx Hub
Jessegap
31 Jul 25 at 10:22 pm
canadian pharmacy review: CanadRx Nexus – pet meds without vet prescription canada
Richardbog
31 Jul 25 at 10:56 pm
MexiCare Rx Hub: finasteride mexico pharmacy – MexiCare Rx Hub
Samuelarori
31 Jul 25 at 11:59 pm
CanadRx Nexus: cross border pharmacy canada – CanadRx Nexus
Richardquaxy
1 Aug 25 at 12:28 am
online canadian pharmacy reviews [url=https://canadrxnexus.shop/#]canadian pharmacy meds[/url] CanadRx Nexus
JamesCoaby
1 Aug 25 at 1:31 am
zithromax mexican pharmacy: tadalafil mexico pharmacy – MexiCare Rx Hub
Richardbog
1 Aug 25 at 5:05 am
кайт лагерь Обучение кайтсёрфингу: Первый шаг к новым ощущениям. Научитесь управлять стихией и покорять волны!
Kennethvut
1 Aug 25 at 6:25 am
accutane mexico buy online: MexiCare Rx Hub – buy from mexico pharmacy
Samuelarori
1 Aug 25 at 6:59 am
medicine in mexico pharmacies: MexiCare Rx Hub – MexiCare Rx Hub
Richardquaxy
1 Aug 25 at 7:35 am
onlinecanadianpharmacy 24 [url=https://canadrxnexus.shop/#]canadianpharmacy com[/url] CanadRx Nexus
JamesCoaby
1 Aug 25 at 8:25 am
buy kamagra oral jelly mexico: MexiCare Rx Hub – MexiCare Rx Hub
Richardbog
1 Aug 25 at 8:30 am
MexiCare Rx Hub: buy meds from mexican pharmacy – buy meds from mexican pharmacy
Richardbog
1 Aug 25 at 12:21 pm
http://indigenixpharm.com/# IndiGenix Pharmacy
Jessegap
1 Aug 25 at 1:15 pm
MexiCare Rx Hub: MexiCare Rx Hub – MexiCare Rx Hub
Samuelarori
1 Aug 25 at 2:31 pm
Hiya! I know this is kinda off topic however , I’d figured I’d ask. Would you be interested in exchanging links or maybe guest authoring a blog article or vice-versa? My website goes over a lot of the same topics as yours and I feel we could greatly benefit from each other. If you’re interested feel free to send me an e-mail. I look forward to hearing from you! Excellent blog by the way!
can i order vermox for sale
StephenGlona
1 Aug 25 at 2:39 pm
IndiGenix Pharmacy: india pharmacy – IndiGenix Pharmacy
Richardquaxy
1 Aug 25 at 3:14 pm
IndiGenix Pharmacy [url=http://indigenixpharm.com/#]п»їlegitimate online pharmacies india[/url] IndiGenix Pharmacy
JamesCoaby
1 Aug 25 at 3:34 pm
IndiGenix Pharmacy: reputable indian online pharmacy – IndiGenix Pharmacy
Richardbog
1 Aug 25 at 7:42 pm
IndiGenix Pharmacy: cheapest online pharmacy india – IndiGenix Pharmacy
Samuelarori
1 Aug 25 at 10:08 pm
canadian pharmacy tampa [url=https://canadrxnexus.shop/#]CanadRx Nexus[/url] CanadRx Nexus
JamesCoaby
1 Aug 25 at 10:42 pm
MexiCare Rx Hub: MexiCare Rx Hub – mexico drug stores pharmacies
Richardquaxy
1 Aug 25 at 10:48 pm
IndiGenix Pharmacy: IndiGenix Pharmacy – IndiGenix Pharmacy
Richardbog
2 Aug 25 at 3:02 am
low cost mexico pharmacy online: MexiCare Rx Hub – MexiCare Rx Hub
Samuelarori
2 Aug 25 at 5:40 am
https://indigenixpharm.com/# IndiGenix Pharmacy
Jessegap
2 Aug 25 at 5:42 am
MexiCare Rx Hub [url=http://mexicarerxhub.com/#]MexiCare Rx Hub[/url] buy modafinil from mexico no rx
JamesCoaby
2 Aug 25 at 5:53 am
mexican rx online: reputable mexican pharmacies online – MexiCare Rx Hub
Richardquaxy
2 Aug 25 at 6:20 am
MexiCare Rx Hub: MexiCare Rx Hub – medication from mexico pharmacy
Richardquaxy
2 Aug 25 at 1:53 pm
prescription drugs mexico pharmacy: generic drugs mexican pharmacy – generic drugs mexican pharmacy
Richardbog
2 Aug 25 at 5:45 pm
MexiCare Rx Hub [url=http://mexicarerxhub.com/#]legit mexican pharmacy without prescription[/url] MexiCare Rx Hub
JamesCoaby
2 Aug 25 at 8:06 pm
IndiGenix Pharmacy: IndiGenix Pharmacy – indianpharmacy com
Samuelarori
2 Aug 25 at 8:46 pm
CanadRx Nexus: cheapest pharmacy canada – CanadRx Nexus
Richardquaxy
2 Aug 25 at 9:30 pm
https://mexicarerxhub.com/# medicine in mexico pharmacies
Jessegap
2 Aug 25 at 10:27 pm
MexiCare Rx Hub: buy propecia mexico – safe place to buy semaglutide online mexico
Richardbog
3 Aug 25 at 1:06 am
CanadRx Nexus [url=http://canadrxnexus.com/#]canadian pharmacy sarasota[/url] CanadRx Nexus
JamesCoaby
3 Aug 25 at 3:14 am
IndiGenix Pharmacy: IndiGenix Pharmacy – IndiGenix Pharmacy
Samuelarori
3 Aug 25 at 4:22 am
world pharmacy india: top 10 online pharmacy in india – IndiGenix Pharmacy
Richardquaxy
3 Aug 25 at 5:08 am
canadian pharmacy ltd: CanadRx Nexus – CanadRx Nexus
Richardbog
3 Aug 25 at 8:34 am
Hello to every one, the contents existing at this website are actually amazing for people knowledge, well, keep up the good work fellows.
https://images.google.cf/url?q=https://seattlelimorates.com/
ShaneDrync
3 Aug 25 at 9:46 am
MexiCare Rx Hub [url=http://mexicarerxhub.com/#]MexiCare Rx Hub[/url] order kamagra from mexican pharmacy
JamesCoaby
3 Aug 25 at 10:46 am
india pharmacy mail order: IndiGenix Pharmacy – buy prescription drugs from india
Samuelarori
3 Aug 25 at 12:03 pm
rybelsus for prediabetes: semaglutide thyroid – AsthmaFree Pharmacy
Antonionek
3 Aug 25 at 1:01 pm
AsthmaFree Pharmacy: januvia vs rybelsus – como tomar rybelsus
Raymondheaps
3 Aug 25 at 1:01 pm
https://asthmafreepharmacy.com/# ventolin nebulizer
Jefferyled
3 Aug 25 at 2:31 pm
pastillas rybelsus: semaglutide compounded – AsthmaFree Pharmacy
Raymondheaps
3 Aug 25 at 3:20 pm
relief from muscle spasms online [url=http://relaxmedsusa.com/#]cheap muscle relaxer online USA[/url] prescription-free muscle relaxants
Harryinapy
3 Aug 25 at 5:32 pm
2nbxqn
* * * Get Free Bitcoin Now * * * hs=1c988338b2d81320bb388cb9065e9bd7* ххх*
3 Aug 25 at 6:58 pm
ivermectin 0.08 oral solution: IverCare Pharmacy – IverCare Pharmacy
Antonionek
3 Aug 25 at 7:09 pm
can you buy ventolin over the counter in usa: AsthmaFree Pharmacy – how much is ventolin
Raymondheaps
3 Aug 25 at 8:49 pm
injectable semaglutide [url=http://glucosmartrx.com/#]AsthmaFree Pharmacy[/url] semaglutide generic
Harryinapy
3 Aug 25 at 11:34 pm