PHP Filter and Filter Constant

Last Updated : 08 Jun, 2023

The PHP Filter extension filters data by either sanitizing or validating it. It plays a crucial role in the security of a website and is especially useful when the data originates from unknown or foreign sources, such as user-supplied input, for example data from an HTML form.

There are mainly two types of filters which are listed below:

  • Validation: checks whether the data meets certain qualifications. For example, passing in FILTER_VALIDATE_URL determines whether the data is a valid URL, but it does not change the existing data.
  • Sanitization: unlike validation, sanitization alters the data, removing or changing undesired characters. For example, passing in FILTER_SANITIZE_EMAIL removes all characters that are inappropriate for an email address to contain. That said, it does not validate the data.

Example 1: PHP program to validate URL using FILTER_VALIDATE_URL filter. 

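PHP

<?php
// PHP program to validate URL

// Declare variable and initialize it to URL
// (sample value)
$url = "https://www.example.com";

// Use filter function to validate URL.
// filter_var() returns the URL on success and false on failure.
if (filter_var($url, FILTER_VALIDATE_URL)) {
    echo "Valid URL";
} else {
    echo "Invalid URL";
}

?>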


Example 2: PHP program to validate email using FILTER_VALIDATE_EMAIL filter. 

PHP

<?php
// PHP program to validate email
 
// Declare variable and initialize it to email
$email = "xyz@gmail.com";
 
// Use filter function to validate email
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Valid Email";
} else {
    echo "Invalid Email";
}
 
?>


Example 3: PHP program to sanitize email using FILTER_SANITIZE_EMAIL filter.

PHP

<?php
// PHP program to sanitize an email

// Declare variable and initialize it
// to an email with illegal characters
// (sample value; parentheses are not allowed by the filter)
$email = "us(er)@geeksforgeeks.org";

// Sanitize the email using the FILTER_SANITIZE_EMAIL filter
$sanitizedEmail = filter_var($email, FILTER_SANITIZE_EMAIL);

// Output the sanitized email
echo "Sanitized Email: " . $sanitizedEmail;
?>


Filter Functions: The filter functions are used to filter data coming from an insecure source.

  • filter_var(): Filters a specific variable.
  • filter_var_array(): Filters multiple variables, i.e. an array of variables.
  • filter_has_var(): Checks whether a variable of a specific input type exists.
  • filter_id(): Returns the filter ID of the specified filter name.
  • filter_list(): Returns a list of supported filter names in the form of an array.
  • filter_input(): Gets an external variable and filters it if set to do so.
  • filter_input_array(): The same as filter_input(), but it gets multiple variables, i.e. an array of variables, and filters them if set to do so.

Predefined Filter Constants: There are many predefined filter constants which are listed below:

  • Validate filter constants:
    • FILTER_VALIDATE_BOOLEAN: Validates a boolean.
    • FILTER_VALIDATE_INT: Validates an integer.
    • FILTER_VALIDATE_FLOAT: Validates a float.
    • FILTER_VALIDATE_REGEXP: Validates a regular expression.
    • FILTER_VALIDATE_IP: Validates an IP address.
    • FILTER_VALIDATE_EMAIL: Validates an e-mail address.
    • FILTER_VALIDATE_URL: Validates a URL.
  • Sanitize filter constants:
    • FILTER_SANITIZE_EMAIL: Removes all illegal characters from an e-mail address
    • FILTER_SANITIZE_ENCODED: Removes/Encodes special characters
    • FILTER_SANITIZE_MAGIC_QUOTES: Apply addslashes() function
    • FILTER_SANITIZE_NUMBER_FLOAT: Removes all characters except digits, +- and optionally .,eE
    • FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits, + and -
    • FILTER_SANITIZE_SPECIAL_CHARS: Removes special characters
    • FILTER_SANITIZE_FULL_SPECIAL_CHARS: Encoding quotes can be disabled by using FILTER_FLAG_NO_ENCODE_QUOTES.
    • FILTER_SANITIZE_STRING: Removes tags/special characters from a string
    • FILTER_SANITIZE_STRIPPED: Alias of FILTER_SANITIZE_STRING
    • FILTER_SANITIZE_URL: Removes all illegal characters from a URL
  • Other filter constants:
    • FILTER_UNSAFE_RAW: Do nothing, optionally strip/encode special characters
    • FILTER_CALLBACK: Call a user-defined function to filter data
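
The following added example (not part of the original article) combines the functions and constants listed above: it sanitizes and then validates a constructed form submission with filter_var_array(), compares each result strictly, and restricts the URL scheme, which FILTER_VALIDATE_URL does not check. The function name validateSignup, the field names and the sample values are assumptions made for illustration.

```php
<?php
// Added example; field names and sample values are constructed for illustration.

function validateSignup(array $input): array
{
    // Sanitizing only strips characters; it never proves the result is valid,
    // so the sanitized email still goes through FILTER_VALIDATE_EMAIL below.
    $input['email'] = filter_var($input['email'] ?? '', FILTER_SANITIZE_EMAIL);

    $spec = [
        'email'   => FILTER_VALIDATE_EMAIL,
        'age'     => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 0, 'max_range' => 130],
        ],
        'website' => FILTER_VALIDATE_URL,
    ];
    // Fields that fail validation come back as false, missing fields as null.
    $clean = filter_var_array($input, $spec);

    $rejected = [];
    foreach ($clean as $field => $value) {
        // Compare strictly: a valid age of "0" becomes int 0, which is falsy,
        // so a plain if (filter_var(...)) test would wrongly reject it.
        if ($value === false || $value === null) {
            $rejected[] = $field;
        }
    }
    // FILTER_VALIDATE_URL checks syntax only, so allowlist the scheme as well.
    if (!in_array('website', $rejected, true)) {
        $scheme = strtolower((string) parse_url($clean['website'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $rejected[] = 'website';
        }
    }
    return [$clean, $rejected];
}

// Constructed input standing in for $_POST.
$post = [
    'email'   => 'us(er)@example.com',      // parentheses are stripped by the sanitizer
    'age'     => '0',                        // valid, but falsy after conversion
    'website' => 'ftp://example.com/file',   // well-formed URL, scheme not allowed
];

[$clean, $rejected] = validateSignup($post);
var_dump($clean['email'], $clean['age']);
print_r($rejected);
```

Sanitizing before validating can turn a malformed address into a different, valid one, so applications that must reject altered input should validate the raw value instead.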

Note: PHP filters are enabled by default in PHP 5.2.0 and newer versions. Older versions require installation.

Reference: http://php.net/manual/en/filter.filters.sanitize.php


