PHP Advanced Filters

PHP advanced filters typically refer to the filter_var_array and filter_input_array functions. These functions allow you to apply multiple filters to an array of data in a concise manner, providing a powerful way to validate and sanitize data in bulk.

Let's explore these advanced filters with examples and clarifications :

filter_var_array example

Sanitization and Validation

$data = array(
    "name" => "John Doe",
    "email" => "john@example.com",
    "age" => "25",
    "website" => "http://www.example.com",
    "ip_address" => "192.168.0.1"
);

$filters = array(
    "name" => array("filter" => FILTER_SANITIZE_STRING),
    "email" => array("filter" => FILTER_VALIDATE_EMAIL),
    "age" => array("filter" => FILTER_VALIDATE_INT, "options" => array("min_range" => 1, "max_range" => 120)),
    "website" => array("filter" => FILTER_VALIDATE_URL),
    "ip_address" => array("filter" => FILTER_VALIDATE_IP)

);

$filtered_data = filter_var_array($data, $filters);

var_dump($filtered_data);

The $data array contains various types of data, including a name, an email, and an age.
The $filters array specifies the filters to be applied to each element in $data.
For the "name" key, it applies the FILTER_SANITIZE_STRING filter to sanitize the string.
For the "email" key, it applies the FILTER_VALIDATE_EMAIL filter to validate the email.
For the "age" key, it applies the FILTER_VALIDATE_INT filter with additional options to ensure the age is within a specified range.
The filter_var_array function processes each element in the $data array according to the specified filters, and the result is stored in $filtered_data.
Output: var_dump($filtered_data) displays the filtered data, showing the impact of the applied filters on each field.

Custom Filter function for Validating and Sanitizing

$data = array(
function customFilter($value) {
    // Add your custom validation/sanitization logic
    $filteredValue = /* ... */;
    return $filteredValue;
}

$userInput = "custom_input";

$filteredInput = filter_var($userInput, FILTER_CALLBACK, ['options' => 'customFilter']);

echo "Original Input: $userInput<br>";
echo "Filtered Input: $filteredInput";

The provided code defines a custom filter function (customFilter) and applies it to a sample input ($userInput) using filter_var with FILTER_CALLBACK, allowing you to add your own validation or sanitization logic.

filter_input_array Example

$filters = array(
    "name" => FILTER_SANITIZE_STRING,
    "email" => FILTER_VALIDATE_EMAIL,
    "age" => array("filter" => FILTER_VALIDATE_INT, "options" => array("min_range" => 1, "max_range" => 120)),
    "website" => FILTER_VALIDATE_URL,
    "ip_address" => FILTER_VALIDATE_IP
);

$input_data = filter_input_array(INPUT_POST, $filters);

var_dump($input_data);

This example uses filter_input_array to filter data from the $_POST superglobal.
The $filters array specifies the filters for each input field (name, email, age).
For the "name" field, it applies the FILTER_SANITIZE_STRING filter to sanitize the string.
For the "email" field, it applies the FILTER_VALIDATE_EMAIL filter to validate the email.
For the "age" field, it applies the FILTER_VALIDATE_INT filter with additional options to ensure the age is within a specified range.
The result is stored in the $input_data array, and you can use this data in your application.

Example: Validate and Sanitize Input from Form using filter_input():

Assuming you have a form with a field named user_input submitted using the POST method:

<!-- HTML Form -->
<form method="post" action="">
    <label for="user_input">User Input:</label>
    <input type="text" name="user_input" id="user_input">
    <input type="submit" value="Submit">
</form>

Now, in your PHP script:

<?php

// Get and sanitize input from the form
$userInput = filter_input(INPUT_POST, 'user_input', FILTER_SANITIZE_STRING);

// Check if the form was submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
  // Validate the input
    if (filter_var($userInput, FILTER_VALIDATE_INT)) {
        echo "Valid integer: $userInput";
    } else {
        echo "Invalid input";
    }
}

?>

filter_input(INPUT_POST, 'user_input', FILTER_SANITIZE_STRING) gets the value of the 'user_input' field from the POST data and sanitizes it as a string.
filter_var($userInput, FILTER_VALIDATE_INT) then further validates that the sanitized input is a valid integer.

These advanced filtering techniques with filter_var_array and filter_input_array are powerful tools for processing data efficiently in a structured way. They are particularly useful when dealing with form submissions or batches of data.

Forum topics

Select Categorie

Top users level

Display users