Php Filter Advanced
# PHP Advanced Filtering
PHP's filter extension provides powerful tools not only for basic validation (like checking for emails or basic integers) but also for complex, fine-grained data validation and sanitization. By utilizing options and flags, you can customize how filters behave to meet strict application requirements.
This tutorial covers advanced filtering techniques using `filter_var()`, including range validation, IP version-specific checks, URL query string requirements, and high-ASCII character sanitization.
---
## 1. Validating an Integer Within a Range
To validate whether an integer falls within a specific range, you can pass an associative array containing `options` to the `filter_var()` function. The `options` array accepts `min_range` and `max_range` keys.
### Example
The following example validates whether an integer is between 1 and 200 (inclusive):
```php
array(
"min_range" => $min,
"max_range" => $max
)
);
if (filter_var($int, FILTER_VALIDATE_INT, $filter_options) === false) {
echo "Variable value is not within the valid range.";
} else {
echo "Variable value is within the valid range.";
}
?>
```
---
## 2. Validating IPv6 Addresses
By default, `FILTER_VALIDATE_IP` validates any valid IP address (IPv4 or IPv6). If you want to restrict validation strictly to IPv6 addresses, you can pass the `FILTER_FLAG_IPV6` flag.
### Example
The following example checks if the variable `$ip` is a valid IPv6 address:
```php
```
---
## 3. Validating URLs with Required Query Strings
You can enforce strict URL structures using flags. For instance, if your application requires that a URL must contain a query string (e.g., `?id=10`), you can combine `FILTER_VALIDATE_URL` with the `FILTER_FLAG_QUERY_REQUIRED` flag.
### Example
The following example checks if a URL is valid and contains a query string:
```php
```
*Note: The example above will output that it is not valid because `https://www.youtip.co` does not contain a query string like `?lang=en`.*
---
## 4. Sanitizing Strings: Removing High-ASCII Characters
To sanitize input by stripping characters with an ASCII value greater than 127 (such as special symbols or non-standard characters), you can use `FILTER_FLAG_STRIP_HIGH` alongside a string filter.
> **Note on PHP 8.1+ Compatibility:** `FILTER_SANITIZE_STRING` is deprecated in PHP 8.1. For modern PHP applications, you can achieve similar sanitization using `filter_var()` with `FILTER_UNSAFE_RAW` and the `FILTER_FLAG_STRIP_HIGH` flag, or by using alternative string manipulation functions.
### Example
The following example strips HTML tags and removes characters with an ASCII value greater than 127 (such as `Γ`, `Γ`, and `Γ
`):
```php
Hello WorldΓΓΓ
!";
// Strip HTML tags and remove high-ASCII characters
$newstr = filter_var($str, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
echo $newstr;
// Output: Hello World!
?>
```
---
## Summary of Advanced Filter Flags
| Filter | Flag | Description |
| :--- | :--- | :--- |
| `FILTER_VALIDATE_INT` | `min_range`, `max_range` | Defines the minimum and maximum boundaries for integer validation. |
| `FILTER_VALIDATE_IP` | `FILTER_FLAG_IPV4` | Validates only IPv4 addresses. |
| `FILTER_VALIDATE_IP` | `FILTER_FLAG_IPV6` | Validates only IPv6 addresses. |
| `FILTER_VALIDATE_IP` | `FILTER_FLAG_NO_PRIV_RANGE` | Fails validation if the IP is from a private range (e.g., `192.168.x.x`). |
| `FILTER_VALIDATE_URL` | `FILTER_FLAG_PATH_REQUIRED` | Requires the URL to contain a path (e.g., `/blog/`). |
| `FILTER_VALIDATE_URL` | `FILTER_FLAG_QUERY_REQUIRED`| Requires the URL to contain a query string (e.g., `?page=2`). |
| `FILTER_UNSAFE_RAW` | `FILTER_FLAG_STRIP_HIGH` | Strips characters with an ASCII value > 127. |
For a complete list of all available filters, options, and flags, please refer to the official (php-ref-filter.html).
YouTip