Easy way to data filter and validate in php

Before php 5.2.0 when we have to validate or filter user data, we normally use regex and some php functions. Some of those regex are difficult to understand. So normally most of the coders search in google to collect the correct regex to validate data and also use some php functions to filter data.

In php 5.2.0 a new extension is provided named filter to make these filter tasks much easy.  You can install it in your linux distro by simply typing in shell  pecl install filter

Before proceeding next at first check the available filters in your system:




Output in my system:



    [0] => int

    [1] => boolean

    [2] => float

    [3] => validate_regexp

    [4] => validate_url

    [5] => validate_email

    [6] => validate_ip

    [7] => string

    [8] => stripped

    [9] => encoded

    [10] => special_chars

    [11] => unsafe_raw

    [12] => email

    [13] => url

    [14] => number_int

    [15] => number_float

    [16] => magic_quotes

    [17] => callback


filter_list() is a method that returns a list of all supported filters.

Validate Email address

Normally we validate email address like this way

$email= "viral.solani@gmail.com";

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {

  echo"Valid email address.";



  echo"Invalid email address.";


But using php’s filter functions you can easily verify that

$email  = "viral.solani@gmail.com";

 if(filter_var($email, FILTER_VALIDATE_EMAIL)){

      echo" $email is valid email address <br />";


 $email= "viral.solani@gmail.com"; 

if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE){

      echo" $email is not a valid email address <br />";



viral.solani@gmail.com is valid email address

viral.solani@gmail,com is not a valid email address

So using filter_var() and its parameters you can easily validate email, url, ip address and more.

Check this link to learn what type of data you can validate via filter functions. Normally FILTER_VALIDATE_EMAIL, FILTER_VALIDATE_INT,FILTER_VALIDATE_URL, FILTER_VALIDATE_IP are mostly used.

Data Sanitization

Data sensitization is very important. As a coder never trust user’s input. User may push SQL injection code or javascript code. So always validate or sanitize data before use. To sanitize data you can use the same filter functions but you have to only provide sanitize filters as second parameter. Some commonly used sanitize filters are:


You’ll see detail list and description from here. For example to get valid string from user input

$userData= array(


               "<script>javascript alert('hi');</script>",

               'P*}i@893746%%%p*.i.*}}|.dw<?php echo "echo works!!";?>'


   $myinputs= filter_var_array($userData, FILTER_SANITIZE_STRING);







    [0] => bold

    [1] => javascript alert('hi');

    [2] => P*}i@893746%%%p*.i.*}}|.dw


filter_var_array() is used to get multiple variables and optionally filters them. And this function is very useful for retrieving many values without repetitively callingfilter_var().

Categories: PHP

One thought on “Easy way to data filter and validate in php

  1. Pingback: PHP « amithmehta

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s