Broad Network


The filter_var function for PHP Form Validation

PHP Validation of HTML Form Data Made Simple – Part 1

Foreword: In this tutorial I explain how to validate HTML Form data at the server, using PHP.

By: Chrysanthus
Date Published: 29 Aug 2013

Introduction

This is part 1 of my series, PHP Validation of HTML Form Data - Made Simple. In this tutorial I explain how to validate HTML Form data at the server, using PHP. PHP has a function called the filter_var() function; this function does all the tricks for you. All you have to do is to know how to use the function.

Note: the output of all the code samples of this tutorial series is sent to the browser.

Note: in this article, if you cannot see any text or piece of code or if you think something (e.g. an image) is missing or link does not operate, or just want to comment, contact me at forchatrans@yahoo.com .

Pre-Knowledge
Click the link titled, “Web Development Course” below to know what you should have studied before reaching here.

Validation
When the web user types an email in the email field of an HTML form, he may make a mistake. A scammer or spammer may also type something that looks like an email but is not an email. So, whatever is typed should be checked by program code to be sure that it is an email; that is validation. The kind of validation here (this tutorial) will not check if the email is to a wrong address; but it will check if the email syntax (rules for writing the email) is correct.

HTML Validation
HTML today can validate email and other data types using simpler code than the PHP filter_var() function. There are two problems with HTML validation. First, a hacker might have tampered with the data before it reaches the server. Second, it is possible for a scammer or spammer to open the text source version of the web page, remove the simple HTML validation code from it, save it as the web page, and then send the Form data to the server without validation. For these reasons, there should be validation at the server.

Data Types Validated by the filter_var() function
Data types that can be validated by the PHP filter_var() function are: Boolean, float, int, email, URL, Internet-IP, and regexp (regular expression).

The filter_var() function
The syntax of the filter_var() function is:

    mixed filter_var ( mixed $variable [, int $filter = FILTER_DEFAULT [, mixed $options ]] )

Note: the value of $variable is the field value of the HTML Form. The $filter and $options parameters are optional. However, in order to have $options, you need to have $filter first, as indicated by the square brackets. The $filter argument is called the ID of the filter. I explain how to use the function below.

The function returns the validated datum or FALSE if it fails. Validated datum here, means datum that has no syntax error. Datum is singular (grammar) for data.

The Boolean Data Type
In simple terms, you test the Boolean type with the filter_var() function as follows:

    mixed filter_var ( mixed $variable [, int $filter = FILTER_DEFAULT])

$variable has the value from an HTML Form field. The value to use for the $filter parameter here is FILTER_VALIDATE_BOOLEAN. Now, if $variable is "1" or "true" or "on" or "yes", the filter_var() function returns TRUE. For any other value, FALSE is returned. For the Boolean type, the following code snippet holds:

    $bool = "yes";

    if (!filter_var($bool, FILTER_VALIDATE_BOOLEAN))
        {
            echo "Field does not have a valid Boolean value.";
        }

If you try this code, nothing will be echoed; that is alright because of the ! in front of the function.

The int Data Type
In simple terms, you test the int type with the filter_var() function as follows:

    mixed filter_var ( mixed $variable [, int $filter = FILTER_DEFAULT])

$variable has the value from an HTML Form field. The value to use for the $filter parameter here is FILTER_VALIDATE_INT. Now, if $variable is a valid int number, the filter_var() function returns that number (the validated datum). For any other value, FALSE is returned. For the int type, the following code snippet holds:

    $int = 12;

    // Compare with === FALSE: a valid 0 is returned as 0, which ! would treat as a failure.
    if (filter_var($int, FILTER_VALIDATE_INT) === FALSE)
        {
            echo "Field does not have a valid Integer value.";
        }

If you try this code, nothing will be echoed; that is alright because the function did not return FALSE. The test is written with === FALSE rather than with ! in front of the function, so that a field value of 0 is not rejected. The value for the integer can have spaces in front or after it.

The float Data Type
In simple terms, you test the float type with the filter_var() function as follows:

    mixed filter_var ( mixed $variable [, int $filter = FILTER_DEFAULT])

$variable has the value from an HTML Form field. The value to use for the $filter parameter here is FILTER_VALIDATE_FLOAT. Now, if $variable is a valid float number, the filter_var() function returns that number (the validated datum). For any other value, FALSE is returned. For the float type, the following code snippet holds:

    $float = 2.5;

    // Compare with === FALSE: a valid 0.0 is returned as 0.0, which ! would treat as a failure.
    if (filter_var($float, FILTER_VALIDATE_FLOAT) === FALSE)
        {
            echo "Field does not have a valid Float value.";
        }

If you try this code, nothing will be echoed; that is alright because the function did not return FALSE. The test is written with === FALSE rather than with ! in front of the function, so that a field value of 0 is not rejected. The value for the float can have spaces in front or after it.

The email Data Type
In simple terms, you test the email type with the filter_var() function as follows:

    mixed filter_var ( mixed $variable [, int $filter = FILTER_DEFAULT])

$variable has the value (email) from an HTML Form field. The value to use for the $filter parameter here is FILTER_VALIDATE_EMAIL. Now, if $variable is a valid email address, the filter_var() function returns TRUE. If the email syntax is wrong, FALSE is returned. For the email type, the following code snippet holds:

    $email = "me@you.com";

    if (!filter_var($email, FILTER_VALIDATE_EMAIL))
        {
            echo "Field does not have a valid email value.";
        }

If you try this code, nothing will be echoed; that is alright because of the ! in front of the function. Note: the email should not have space in its front or after.

The URL Data Type
An example of a URL is:

http://www.broad-network.com/ChrysanthusForcha/Variables-as-Synonyms-in-PHP.htm

In simple terms, you test the URL type with the filter_var() function as follows:

    mixed filter_var ( mixed $variable [, int $filter = FILTER_DEFAULT])

$variable has the value (URL) from an HTML Form field. The value to use for the $filter parameter here is FILTER_VALIDATE_URL. Now, if $variable is a valid URL the filter_var() function returns TRUE. If the URL syntax is wrong, FALSE is returned. For the URL type, the following code snippet holds:

    $url = "http://www.broad-network.com/ChrysanthusForcha/Variables-as-Synonyms-in-PHP.htm";

    if (!filter_var($url, FILTER_VALIDATE_URL))
        {
            echo "Field does not have a valid URL value.";
        }

If you try this code, nothing will be echoed; that is alright because of the ! in front of the function. Note: the URL should not have any space in its front or after.

The IP Data Type
An example of an IP address is:

    192.52.34.166

An IP address can be typed in place of the web site address, such as

    http://www.somesite.com

In simple terms, you test the IP type with the filter_var() function as follows:

    mixed filter_var ( mixed $variable [, int $filter = FILTER_DEFAULT])

$variable has the value (IP address) from an HTML Form field. The value to use for the $filter parameter here is FILTER_VALIDATE_IP. Now, if $variable is a valid IP address (IPv4 or IPv6) the filter_var() function returns TRUE. If the IP syntax is wrong, FALSE is returned. For the IP type, the following code snippet holds:

    $ip = "192.52.34.166";

    if (!filter_var($ip, FILTER_VALIDATE_IP))
        {
            echo "Field does not have a valid IP value.";
        }

If you try this code, nothing will be echoed; that is alright because of the ! in front of the function. The IP address has to be in quotes in the PHP code, because it is a string; without the quotes the code does not parse. Note: the IP address should not have any space in its front or after.

The Regexp Data Type
regexp is a regular expression as in:

    $re = "/J.hn/";

For that you can have the subject,

    $subject = "John";

The PHP function,

    preg_match($re, $subject)

will return 0 for no match, or 1 for a match as with the above subject.

You can fit the regular expression scheme into the filter_var() function. In this case, the syntax of the filter_var() function is:

    mixed filter_var ( mixed $variable [, int $filter = FILTER_DEFAULT [, mixed $options ]] )

$variable has the value from an HTML Form field. For the regexp data type, the value for the $filter parameter is,

    FILTER_VALIDATE_REGEXP

and the value for the $options parameter is a two-dimensional array such as,

    $options = array();
    $options['options']['regexp'] = "/J.hn/";

where 'regexp' indicates the regexp type. These two lines show one way to code a PHP 2D array.

For the regexp type and the filter_var() function, the following code snippet holds:

    $subject = "John";

    $options = array();
    $options['options']['regexp'] = "/J.hn/";

    if (!filter_var($subject, FILTER_VALIDATE_REGEXP, $options))
        {
            echo "Field does not have a valid value type.";
        }

The filter_var() function used as such, has an implied preg_match() function. The filter_var() function still returns $subject, if it is valid; otherwise it returns FALSE.

If you try this code, nothing will be echoed; that is alright because of the ! in front of the function.
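
The checks from this part combined into one server-side routine, as an added example that is not the author's code. The function validate_form(), the field names and the sample $form array (standing in for $_POST) are assumptions made for the illustration; the example goes beyond the text in using min_range/max_range, FILTER_NULL_ON_FAILURE and the ^ and $ anchors in the pattern.

```php
<?php
// Added example: validate one form submission with strict failure checks.
// validate_form() and the field names are hypothetical.

function validate_form(array $in): array
{
    $rules = [
        'age'       => [FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 150]]],
        'price'     => [FILTER_VALIDATE_FLOAT, []],
        'email'     => [FILTER_VALIDATE_EMAIL, []],
        'homepage'  => [FILTER_VALIDATE_URL, []],
        'server_ip' => [FILTER_VALIDATE_IP, []],
        // ^ and $ make the pattern cover the whole value, not just a substring.
        'name'      => [FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => '/^J.hn$/']]],
        // With FILTER_NULL_ON_FAILURE, "no" gives false and an unrecognised value gives null.
        'subscribe' => [FILTER_VALIDATE_BOOLEAN, ['flags' => FILTER_NULL_ON_FAILURE]],
    ];
    $clean = [];
    $errors = [];
    foreach ($rules as $field => [$filter, $options]) {
        // A missing field is treated as an empty string.
        $value = filter_var($in[$field] ?? '', $filter, $options);
        // Failure is exactly false (null for the Boolean rule); 0 and 0.0 are valid data.
        $failed = ($filter === FILTER_VALIDATE_BOOLEAN) ? $value === null : $value === false;
        if ($failed) {
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST.
$form = [
    'age' => '0', 'price' => '2.5', 'email' => 'me@you.com',
    'homepage' => 'http://www.somesite.com', 'server_ip' => '192.52.34.166',
    'name' => 'John<b>', 'subscribe' => 'no',
];
[$clean, $errors] = validate_form($form);
var_dump($clean);
echo "Rejected fields: ", implode(', ', $errors), "\n";
```

With the sample input only the name field is rejected; the unanchored pattern /J.hn/ would have accepted "John<b>", because it matches any value that contains a match.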

That is it for this part of the series. We stop here and continue in the next part.

Chrys

Related Links

Conventional Web Development with PHP and MySQL
PHP Validation of HTML Form Data - Made Simple
Web Live Text Chart Application with PHP and MySQL
Searching a Social Network Site with PHP and MySQL
Page Views with Ajax and PHP and MySQL
More Related Links
Major in Website Design
PHP Course
Web Development Course