PHP Front To Back [Part 14] – Filters & Validation



In this video we will look at PHP filters and how to validate data types, emails, URLs, etc. We will also be able to sanitize data. Functions will include:

filter_has_var()
filter_input()
filter_var()
filter_input_array()
filter_var_array()

48 thoughts on “PHP Front To Back [Part 14] – Filters & Validation”

  1. the problem with these tutorials is that there is no conceptual explanation, no talk of how things actually work, just a stream of examples of this and that

    Reply
  2. at 8:56, since you have already defined $email = filter_var($email, FILTER_SANITIZE_EMAIL) on line 14, is it ok to just pass $email to line 17? tested and it worked, just not sure if it is the best practice. thx

    Reply
  3. For future viewers who are having a hard time understanding the filter_input_array part

    that is to say this part >>

    $filters = array(
        "data" => FILTER_VALIDATE_EMAIL,
        "data2" => array(
            "filter" => FILTER_VALIDATE_INT,
            "options" => array(
                "min_range" => 1,
                "max_range" => 100,
            )
        )
    );

    The keys inside "data2", "filter" and "options", are predefined by the filter_input_array function, so it is necessary that that is the name of the key; it is not created by Brad. As well, the "min_range" and "min_max" are necessary for this to work; if you change those keys, then this will not work, as that key is necessary for the function filter_input_array

    more info here, https://www.php.net/manual/en/function.filter-input-array.php

    Reply
  4. great vid, and series so far man – been doing php for about a decade now, and I'm picking stuff up – thanks!

    Reply
  5. I think that regular if…else and nested if…else statement is more suitable than filter_input_array() function. In filter_input_array() you can't for example determine whether email field is empty or invalid where in if…else you can.

    Reply
  6. the holy grail of php filter videos , i think this one its the most explanatory and easy to understand videos bout validations , thanks dude , you saved me

    Reply
  7. Does this filter_array thing need to have matching variable names?, Forgot to mention, thank you for the awesome video 🙂

    Reply
  8. Leaving the form action attribute blank or leaving it out altogether will produce a form that recalls itself.
    $_SERVER['PHP_SELF'] is useful in HTML 5 formaction attributes where the form's action has been set to a different file and one wants an option pointing back to the same file.

    Reply
  9. Hi, could anyone help here? At 16:25 Travis has created an associative array and I've understood the keys are custom, however the keys used in this example relate to actual properties. Does anyone know where I can find the list of properties that can be used with arrays? Thanks

    Reply
  10. this is the most understandable video i've seen about this topic. The holy grail of validation/sanitation-explanation.

    Reply
  11. Brad can you make a tutorial for sending and receiving email through contact form (PHPMailer etc.) please Brad. Thanks

    Reply
  12. where you have put name="data", would this also work for value="Data"? my inputs already have names corresponding to what they are for?

    Reply
  13. Code at 3:00. when i run first time it says "no data" as it should but when i click the submit button again without entering anything in text box it displays "data found". is this normal?

    Reply
  14. MAAN. Honestly speaking you should teach teachers how to teach.. There are a lot of courses paid and free, but how you explain in short period of time critical things to understand it's a gods gift. You deserve like Nobel Prize in computing field for sure !! BIG RESPECT for you.

    Reply
  15. can please some one tell me how does this work

    $filters = array(
        "data"=>FILTER_VALIDATE_EMAIL,
        "data2"=>array(
            "filter"=>FILTER_VALIDATE_INT,
            "options"=>array(
                "min_range"=>1,
                "max_range"=>100
            )
        )
    );

    Reply
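The filter specification quoted in comments 3 and 15, worked through as an added example (not code from the video or from any commenter). It uses filter_var_array(), which takes the same specification as filter_input_array() but reads from an array you pass in; the `classify()` helper and the sample arrays standing in for `$_POST` are constructed for illustration.

```php
<?php
// "filter", "options" (and "flags") are key names PHP itself looks for;
// "data" and "data2" are just the form field names.
$filters = [
    'data'  => FILTER_VALIDATE_EMAIL,
    'data2' => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 1, 'max_range' => 100],
    ],
];

// Hypothetical helper: turn the filter result into a per-field status.
function classify(array $input, array $filters): array
{
    // With add_empty left at its default (true), a field that is absent
    // from $input comes back as null; a field that fails its filter
    // comes back as false; otherwise the filtered value is returned.
    $result = filter_var_array($input, $filters);
    $report = [];
    foreach (array_keys($filters) as $field) {
        if ($result[$field] === null) {
            $report[$field] = 'missing';
        } elseif ($result[$field] === false) {
            // Strict comparison matters: compare with ===, not ==.
            $report[$field] = ($input[$field] === '') ? 'empty' : 'invalid';
        } else {
            $report[$field] = 'ok';
        }
    }
    return $report;
}

// Constructed sample submissions.
$samples = [
    ['data' => 'user@example.com', 'data2' => '42'],
    ['data' => '',                 'data2' => '101'],
    ['data2' => 'abc'],
];

foreach ($samples as $sample) {
    echo json_encode($sample), ' => ',
         json_encode(classify($sample, $filters)), PHP_EOL;
}
```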
  16. If you had front end JavaScript field validations do you need to then have php validations? In that case do you just need php to sanitize the inputted data and submit the form?

    Reply
  17. @7:45 Why switch from filter_input() to filter_var()? I understand filter_var() will sanitize the data so that it will pass, but do we really want it passing and taking up space in our database if a person enters something like test[]@\///test.net? Even though it passes, it will most likely not be a real email. Wouldn't it be better to have the validation fail and have the user re-enter their email?

    PS. I love your videos. Thanks for sharing!

    Reply
  18. Thank you so much for this great course!
    I tried to use FILTER_SANTIZE_NUMBER_INT BUT it returns NULL why?
    $var = '33k2jjj325k254khff25';
    $newVar = filter_var($var, FILTER_SANTIZE_NUMBER_INT);
    var_dump($newVar);

    Reply
  19. My filter_var code is not working:

    if(filter_has_var(INPUT_POST, 'data')){
        $email = $_POST['data'];

        // Remove illegal chars
        $email = filter_var($email, FILTER_SANITIZE_EMAIL);
        echo $email.'<br>';

        if(filter_var($email, FILTER_VALIDATE_EMAIL)){
            echo 'Email is valid';
        } else {
            echo 'Email is NOT valid';
        }
    }

    I still echo invalid email
    test^&%&%@test&^&*^.com

    Reply
  20. Would it work if we used ternary operator instead of the nested if/else? something like
    if(filter_has_var(INPUT_POST, 'data')) {
    (filter_input(INPUT_POST, 'data', FILTER_VALIDATE_EMAIL)) ? echo 'Email is valid'; : echo 'Email is not valid';
    }

    Reply
  21. When i had both FILTER_SANITIZE_NUMBER_INT and FILTER_SANITIZE_SPECIAL_CHARS turned on, alert would fire, but there was also a copy of alert which was stopped..

    Reply
  22. filter_var doesn't sanitize some characters like { } [ ]. Why???
    Is there any alternative or solution to this???

    Reply
  23. Do you not need to use htmlspecialcharcters for the action if using php self? I’m a novice but I remember reading that somewhere to avoid malicious scripts

    Reply
  24. Also when I do a search for filter_sanitize_email on php.net I get a message that says filter_sanitize_email does not exist. Is this filter maybe deprecated?

    Reply
  25. Time = About 8 minutes into the video. Issue = When I use Brad's code, to sanitize the email data, I don't get the same result as Brad. If I enter jp)(*&@gmail)**&.com, then that is my output as well. I don't get jp@gmail.com. So filter_sanitize_email does not strip out the wrong email characters in my case. Not sure what I am doing wrong?

    if(filter_has_var(INPUT_POST, 'data')){
        $email = $_POST['data'];

        //Now remove illegal characters
        $email = filter_var($email, FILTER_SANITIZE_EMAIL);
        echo $email.'<br>';

        if(filter_var($email, FILTER_VALIDATE_EMAIL)) {
            echo 'Email is valid';
        } else {
            echo 'Email is NOT valid';
        }
    }

    Reply
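The sanitize-then-validate pattern discussed in comments 17, 19, 22 and 25, as an added example (not code from the video or from any commenter). It compares validating the raw input with validating the sanitized copy, so you can see when FILTER_SANITIZE_EMAIL leaves a string untouched and when it rewrites it into a different address; the `check_email()` helper and the third and fourth inputs are constructed for illustration.

```php
<?php
// Hypothetical helper: report what sanitizing did and whether the
// address validates before and after.
function check_email(string $raw): array
{
    // FILTER_SANITIZE_EMAIL only strips characters outside its allowed
    // set: letters, digits and !#$%&'*+-=?^_`{|}~@.[]
    // It does not check that the result is a well-formed address.
    $clean = filter_var($raw, FILTER_SANITIZE_EMAIL);

    return [
        'raw'                => $raw,
        'sanitized'          => $clean,
        'changed'            => $clean !== $raw,
        'raw_is_valid'       => filter_var($raw, FILTER_VALIDATE_EMAIL) !== false,
        'sanitized_is_valid' => filter_var($clean, FILTER_VALIDATE_EMAIL) !== false,
    ];
}

$inputs = [
    'test^&%&%@test&^&*^.com',   // from comment 19
    'jp)(*&@gmail)**&.com',      // from comment 25
    'user (work)@example.com',   // constructed
    'user@example.com',          // constructed
];

foreach ($inputs as $raw) {
    $r = check_email($raw);

    // Assumed policy for this example: accept only input that validates
    // exactly as typed, and ask the user to re-enter anything else,
    // instead of storing a silently rewritten address.
    $r['accept'] = $r['raw_is_valid'];

    echo json_encode($r, JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```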
  26. What happens if i have more than one field and i want to use the filter_has_var in just one type of input? I had two inputs in my form and this method didn't work; once i deleted one of them it worked

    Reply
  27. But, what if you want to check for exact length of numbers and exact email composition? You have to add extra checking methods like regular expression etc, don't you?

    I didn't know filters existed for validation in PHP. In class we were taught using custom validation rules that we made ourselves, using if statements, other PHP built in functions like String functions etc, regular expressions and so on, we didn't even know about filters.
    I think we didn't even sanitize the input data, and for databases we used only addslashes which i don't know if it's right or not.

    Reply
  28. In validate integer i tried assigning value to $var from form and when number as string is passed it says it's not an integer, while as you suggested quoted number is also considered integer…confused

    Reply
