<?php
// 09_filters.php
// 📘 PHP FILTERS — Validation & Sanitization Examples
/*
------------------------------------------------------------
🔹 VALIDATION vs SANITIZATION
------------------------------------------------------------
Validating data = Checking if data is in correct format (e.g., email, int)
Sanitizing data = Removing unwanted or illegal characters
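Why filters?
- To secure input from users, cookies, APIs, databases
- Avoid invalid/unsafe data causing errors or security risks
- Filters check or clean the format of a value only; a value must still be
  escaped for its output context (e.g. htmlspecialchars() for HTML) when printed
PHP has a built-in Filter Extension with many useful tools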
*/
// ✅ Display all available PHP filters in a table
?>
<!DOCTYPE html>
<html>
<head>
<title>PHP Filters</title>
</head>
<body>
<h2>🧪 List of Available Filters</h2>
<table border="1" cellpadding="8">
<tr>
<th>Filter Name</th>
<th>Filter ID</th>
</tr>
<?php
// Emit one table row per filter name returned by filter_list(),
// paired with the ID that filter_id() reports for that name.
foreach (filter_list() as $filterName) {
    $filterId = filter_id($filterName);
    echo '<tr><td>' . $filterName . '</td><td>' . $filterId . '</td></tr>';
}
?>
</table>
<hr>
<?php
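/*
------------------------------------------------------------
🧼 Example 1: Sanitize a String
------------------------------------------------------------
Removes all HTML tags from a string, then HTML-encodes what is left.
FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so this example uses
strip_tags() followed by htmlspecialchars() instead.
strip_tags() on its own is not output encoding: quotes and "&" survive it,
so the result is still escaped for the HTML context before it is echoed.
*/
$str = "<h1>Hello World!</h1>";
$newstr = htmlspecialchars(strip_tags($str), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<h3>Sanitized String: </h3>" . $newstr;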
?>
<hr>
<?php
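/*
------------------------------------------------------------
🔢 Example 2: Validate an Integer
------------------------------------------------------------
Checks if $int is a valid integer.
filter_var() returns the integer on success and false on failure, so the
result is compared with false using !==.
A truthiness test such as "!filter_var(...) === false" parses as
"(!filter_var(...)) === false" and would reject the valid value 0.
*/
$int = 100;
echo "<h3>Validate Integer (100): </h3>";
if (filter_var($int, FILTER_VALIDATE_INT) !== false) {
    echo "✅ Integer is valid";
} else {
    echo "❌ Integer is not valid";
}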
?>
<hr>
<?php
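/*
------------------------------------------------------------
⚠️ Tip: Special case when input is 0
------------------------------------------------------------
filter_var() returns 0 for this input, and 0 is falsy, so a truthiness
check would report a valid integer as invalid.
Comparing the result strictly with false (!== false) accepts 0 without a
separate "=== 0" test and without calling filter_var() twice.
*/
$int = 0;
echo "<h3>Validate Integer (0 - Special Case): </h3>";
if (filter_var($int, FILTER_VALIDATE_INT) !== false) {
    echo "✅ Integer is valid";
} else {
    echo "❌ Integer is not valid";
}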
?>
<hr>
<?php
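/*
------------------------------------------------------------
🌐 Example 3: Validate an IP Address
------------------------------------------------------------
Checks if $ip is a valid IP.
By default FILTER_VALIDATE_IP accepts IPv4 and IPv6 addresses, including
private and reserved ranges; the flags FILTER_FLAG_IPV4, FILTER_FLAG_IPV6,
FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE narrow what is accepted.
The value is HTML-escaped before it is printed: in the failure branch it has
not passed validation, so it must not be echoed raw.
*/
$ip = "127.0.0.1";
$ipHtml = htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<h3>Validate IP Address: </h3>";
// Strict comparison: filter_var() returns the address string or false.
if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
    echo "✅ $ipHtml is a valid IP address";
} else {
    echo "❌ $ipHtml is not a valid IP address";
}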
?>
<hr>
<?php
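/*
------------------------------------------------------------
📧 Example 4: Sanitize and Validate Email
------------------------------------------------------------
1. Sanitize removes invalid characters.
2. Validate checks if format is correct.
Sanitizing first rewrites the input, so the address that passes validation
may differ from the one that was submitted; where that matters, validate the
original value and reject it instead of repairing it.
A valid address can still contain characters such as & and ', so it is
HTML-escaped before it is printed.
*/
$email = "john.doe@example.com";
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
$emailHtml = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<h3>Sanitized & Validated Email: </h3>";
// Strict comparison: filter_var() returns the address string or false.
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    echo "✅ $emailHtml is a valid email address";
} else {
    echo "❌ $emailHtml is not a valid email address";
}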
?>
<hr>
<?php
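/*
------------------------------------------------------------
🔗 Example 5: Sanitize and Validate URL
------------------------------------------------------------
1. Sanitize removes illegal URL characters.
2. Validate checks proper format.
FILTER_SANITIZE_URL leaves <, > and " in place, so the sanitized value is
not HTML-safe and is escaped before it is printed.
FILTER_VALIDATE_URL checks syntax only and does not restrict the scheme;
before using a URL as a link or redirect target, also compare its scheme
with an allow-list such as http and https.
*/
$url = "https://www.w3schools.com";
$url = filter_var($url, FILTER_SANITIZE_URL);
$urlHtml = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<h3>Sanitized & Validated URL: </h3>";
// Strict comparison: filter_var() returns the URL string or false.
if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
    echo "✅ $urlHtml is a valid URL";
} else {
    echo "❌ $urlHtml is not a valid URL";
}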
?>
</body>
</html>