Nick Jones

a magento developer (@nickj89) based in Bath

Simple PHP Input Validation – filter_var()

A large chunk of your project’s time is going to be devoted to input validation. Sanitising the data that was typed into the form is essential to maintaining your application’s security. Mattias Geniar, over on his blog, talks about using PHP’s filter_var() function, which is a simple pecl install filter away. He explains how we can change something from this:

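// Old approach: hand-written regex with eregi() (deprecated in PHP 5.3, removed in PHP 7).
// The dots are escaped so they match a literal "." rather than any character.
$filter = "^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$";
if (!eregi($filter, $user_email)) {
	echo "Invalid e-mail address.";
}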

..to this:

if (!filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
	echo "Invalid e-mail";
}

..along with a host of other filters and sanitisers which, believe it or not, are not documented on the man page.

Check his great article out at http://mattiasgeniar.be/2009/02/07/input-validation-using-filter_var-over-regular-expressions/.
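
Extending the e-mail check above to a few of the other validation filters, here is an added example (not code from this post or from Mattias’s article). The function name, field names and sample input are hypothetical, and it assumes PHP 7.1 or later. It shows a caveat of the !filter_var(...) pattern: filters return the converted value, so a valid "0" must be told apart from failure with === false.

```php
<?php
// Added example: validate_signup() and the field names are hypothetical.

/** Validate a sign-up form. Returns [clean values, error messages]. */
function validate_signup(array $input): array
{
    $clean = [];
    $errors = [];

    // FILTER_VALIDATE_EMAIL returns the address on success, false on failure.
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'Invalid e-mail';
    } else {
        $clean['email'] = $email;
    }

    // Range-checked integer. Compare with === false: a valid "0" comes back
    // as int 0, which a bare !filter_var(...) test would wrongly reject.
    $qty = filter_var($input['quantity'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 100]]);
    if ($qty === false) {
        $errors['quantity'] = 'Quantity must be a whole number from 0 to 100';
    } else {
        $clean['quantity'] = $qty;
    }

    // FILTER_VALIDATE_URL checks syntax only and does not restrict the
    // scheme, so allow-list http and https explicitly.
    $url = filter_var($input['website'] ?? '', FILTER_VALIDATE_URL);
    $scheme = $url === false ? null : strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($url === false || !in_array($scheme, ['http', 'https'], true)) {
        $errors['website'] = 'Website must be an http(s) URL';
    } else {
        $clean['website'] = $url;
    }

    return [$clean, $errors];
}

// Constructed sample input, standing in for $_POST.
[$clean, $errors] = validate_signup([
    'email'    => 'user@example.com',
    'quantity' => '0',
    'website'  => 'ftp://example.com/file',
]);
var_dump($clean);
var_dump($errors);
```

These filters validate; they do not make a value safe for a particular output context, so escaping for HTML or SQL still happens where the value is used.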
