🔥 $100K Hit! Where Will Bitcoin Go Next? Find Out Live!

Code has been added to clipboard!

Learn to Use PHP Filter: Functions to up Your Security Level

Reading time 3 min
Published Aug 8, 2017
Updated Oct 15, 2019

We might have already discussed PHP filters once or twice. Using them is important for the safety of the website or application you are creating.

We prepared a clear list of PHP filter functions and predefined constants that you can quickly refer to. If suddenly you need to PHP validate strings, encode special characters or perform other filtering duties, we are here for your every need.

PHP Filter: Main Tips

  • PHP filters are used to sort, validate and otherwise filter data using PHP script.
  • Since the PHP version 5.2.0, the filter functions are available by default, so they don't have to be installed.
  • filter_var in PHP might be considered one of the most valuable functions.

Options for Runtime Configuration

Always remember that the work of these functions is affected by the settings located in php.ini:

Name Description Default value Changeable
filter.default Filter every $_POST, $_GET, $_REQUEST, $_COOKIE, and $_SERVER piece of data using this filter. This setting accepts the name of the particular filter you would like to use. You can see the PHP filters listed below. "unsafe_raw" PHP_INI_PERDIR
filter.default_flags Set the default flags that are applied whenever the default PHP filter is set. For backward compatibility reasons, this setting is, by default, set to FILTER_FLAG_NO_ENCODE_QUOTES. NULL PHP_INI_PERDIR
DataCamp
Pros
  • Easy to use with a learn-by-doing approach
  • Offers quality content
  • Gamified in-browser coding experience
  • The price matches the quality
  • Suitable for learners ranging from beginner to advanced
Main Features
  • Free certificates of completion
  • Focused on data science skills
  • Flexible learning timetable
Udacity
Pros
  • Simplistic design (no unnecessary information)
  • High-quality courses (even the free ones)
  • Variety of features
Main Features
  • Nanodegree programs
  • Suitable for enterprises
  • Paid Certificates of completion
edX
Pros
  • A wide range of learning programs
  • University-level courses
  • Easy to navigate
  • Verified certificates
  • Free learning track available
Main Features
  • University-level courses
  • Suitable for enterprises
  • Verified certificates of completion

List of Functions to Apply

In the table below, you can see a list of useful functions that can be used with PHP filters. They are valid in PHP 5.2 and all newer versions:

Function Description
filter_has_var() Check whether variable of a specified input type exists or not
filter_id() Return filter ID of specified filter name
filter_input() Get external variable (e.g. from form field input) then optionally filter
filter_input_array() Get external variables (e.g. from form field input) then optionally filter
filter_list() Return list of all supported filters
filter_var_array() Get multiple variables and filter them
filter_var() Filter variable with a specified filter

Relevant Predefined Constants

Take a look at these predefined constants. You may find them useful when performing PHP filtering as well:

Constant ID Description
FILTER_VALIDATE_BOOLEAN 258 Validate boolean
FILTER_VALIDATE_EMAIL 274 Validate e-mail address
FILTER_VALIDATE_FLOAT 259 Validate float
FILTER_VALIDATE_INT 257 Validate integer
FILTER_VALIDATE_IP 275 Validate IP address
FILTER_VALIDATE_REGEXP 272 Validate regular expression
FILTER_VALIDATE_URL 273 Validate URL
FILTER_SANITIZE_EMAIL 517 Remove every illegal character from e-mail address
FILTER_SANITIZE_ENCODED 514 Remove/Encode special characters
FILTER_SANITIZE_MAGIC_QUOTES 521 Apply addslashes() function
FILTER_SANITIZE_NUMBER_FLOAT 520 Remove every character, except for digits, +- and optionally .,eE
FILTER_SANITIZE_NUMBER_INT 519 Remove all characters except for digits and + -
FILTER_SANITIZE_SPECIAL_CHARS 515 Remove special characters
FILTER_SANITIZE_FULL_SPECIAL_CHARS 515 Rejects strings that have sequences of bytes that make invalid characters. Results in 0 length string
FILTER_SANITIZE_STRING 513 Remove tags/special characters from string
FILTER_SANITIZE_STRIPPED 513 Alias of FILTER_SANITIZE_STRING filter
FILTER_SANITIZE_URL 518 Remove every illegal character from a URL
FILTER_UNSAFE_RAW 516 Optionally strip/encode special characters
FILTER_CALLBACK 1024 Call user-defined function to filter data

PHP Filter: Summary

  • PHP filtering is useful for coders who need to handle (in most cases, validate and sort) the data.
  • Inbuilt PHP filters have been introduced with version 5.2. If you're using this version or a newer one, there's no need to install these functions separately.
  • Coders use filter_var in PHP codes very often for its flexibility.