How to Use the filter_var() Function in PHP
The filter_var() function is used for filtering a variable with a particular filter. You can use it for both validating and sanitizing data. The syntax of this function is as follows:
filter_var(var, filtername, options)On success it returns the filtered data, otherwise, FALSE. Below, we will consider several use cases of the filter_var() function.
Sanitizing a String
In the example, demonstrated below, you can see how to sanitize a string with filter_var(): It will remove all HTML tags from the string.
<?php
$str = "<h1>W3docs!</h1>";
$newstr = filter_var($str, FILTER_SANITIZE_STRING);
echo $newstr;
?>The output of the example is as follows:
W3docs!
Validating an Integer
In this section, we will demonstrate how to use filter_var() for testing whether the $int variable is an integer. If it is an integer, the code output will be "Valid integer". Otherwise, it will show: "Invalid Integer".
Here is how the example will look like:
<?php
$int = 200;
if (filter_var($int, FILTER_VALIDATE_INT) === 0 || !filter_var($int, FILTER_VALIDATE_INT) === false) {
echo "Valid integer";
} else {
echo "Invalid Integer";
}
?>The output will show a valid integer:
Valid integer
Validating an IP Address
Below, you can see an example of using the filter_var() function for validating an IP address:
<?php
$ip = "129.0.0.1";
if (!filter_var($ip, FILTER_VALIDATE_IP) === false) {
echo "$ip is a valid IP address";
} else {
echo "$ip is not a valid IP address";
}
?>The output will show:
129.0.0.1 is a valid IP address
Sanitizing and Validating an Email
Let’s see an example of using filter_var() for deleting illegal characters from the $email variable and checking whether it is a valid Email or not.
Here is how it looks like:
<?php
$email = "[email protected]";
// Removing all the illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
// Validate e-mail
if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
echo "$email is a valid email address";
} else {
echo "$email is not a valid email address";
}
?>The output is:
[email protected] is a valid email address
Sanitizing and Validating a URL
The example, demonstrated below, applies filter_var() for removing the overall illegal characters from the URL and checking whether the $url is valid or not:
<?php
$url = "https://www.w3docs.com";
// Remove overall illegal characters from a URL
$url = filter_var($url, FILTER_SANITIZE_URL);
// Validate url
if (!filter_var($url, FILTER_VALIDATE_URL) === false) {
echo "$url is a valid URL";
} else {
echo "$url is not a valid URL";
}
?>The output will look as follows:
https://www.w3docs.com is a valid URL
Describing the filter_var Function
As it was noted at the beginning of our snippet, filter_var() is used for filtering a variable with a particular filter. It can be used for both validating and sanitizing the data.
It includes three parameters: variable, filter, and options.
More information about the filter_var() function can be found here.