W3docs
en
Log in

filter_input()

PHP is a popular server-side scripting language that offers a range of built-in functions for processing user input. One such function is filter_input(), which

Introduction

PHP is a popular server-side scripting language that offers a range of built-in functions for processing user input. One such function is filter_input(), which is used to filter and sanitize user input data. In this article, we will provide you with a detailed guide on how to use filter_input() in PHP, its syntax, and its benefits.

Syntax

The syntax for filter_input() is as follows:

The PHP syntax of filter_input()

filter_input ( int $type , string $variable_name [, int $filter = FILTER_DEFAULT [, mixed $options ]] ) : mixed

The function takes two required parameters: $type (such as INPUT_GET or INPUT_POST) and $variable_name. The $filter parameter is optional and defaults to FILTER_DEFAULT. An optional fourth parameter, $options, can be used to specify additional filter options. The function returns the filtered input data on success, null if the input variable is not set, or false on failure.

Usage

The filter_input() function is used to filter and sanitize user input data before it is used in your application. For example, the following code uses filter_input() to sanitize user input from a form:

Example of PHP filter_input()

<?php

$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($name === null) {
    // Handle missing input
    $name = '';
}

In this example, the code uses filter_input() with the INPUT_POST constant to retrieve the value of the 'name' field from a form submitted via POST. The FILTER_SANITIZE_FULL_SPECIAL_CHARS filter is used to escape special characters. Note that FILTER_SANITIZE_STRING was removed in PHP 8.0, so FILTER_SANITIZE_FULL_SPECIAL_CHARS or FILTER_SANITIZE_SPECIAL_CHARS should be used instead.

For validation purposes, you can use filters like FILTER_VALIDATE_EMAIL or FILTER_VALIDATE_INT. These return the validated data on success, or false if the input does not match the expected format.

Benefits

Using filter_input() can help improve the security and reliability of your PHP application by filtering and sanitizing user input data. By validating input data before processing it, you can ensure that your application only accepts valid data and avoid potential security breaches.

Additionally, using filter functions can help improve the overall quality of your code by making it more readable and maintainable. By separating validation logic from processing logic, you can make your code more modular and easier to debug.

Conclusion

In conclusion, the filter_input() function is a useful tool for filtering and sanitizing user input data in PHP applications. By using it in conjunction with other filter functions, you can improve the security and quality of your code, while also making it easier to read and maintain.

Practice

Practice

Which of the following PHP functions are used to sanitize and validate forms?