PHP Filter_Var() – Sanitize Common Data Input

filter_var() is a PHP function for validating and sanitizing common kinds of input. It can check that an e-mail address is well-formed, strip characters or tags that have no business being in a value, and so on.

I discovered this interesting feature through Sanitize and Validate Data with PHP Filters over at NETTUTS.

The function both validates and sanitizes, two things that are very different but easily confused. Validation checks that the input matches an expected format and rejects it otherwise; sanitization strips or rewrites unwanted characters so that what remains is safe to use, even if what came in looked like an exploitation attempt. Note that validation here is purely syntactic: a filter can tell you that an address is well-formed, not that the domain or mailbox behind it exists.

The following returns the validated address as a string if it is well-formed, or FALSE if it is malformed. Because the filtered value itself is returned, test the result with === FALSE rather than a plain boolean check, otherwise legitimate falsy values (such as the integer 0 from FILTER_VALIDATE_INT) are mistaken for failures.

filter_var('', FILTER_VALIDATE_EMAIL);
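As an added example (not code from the original post), the script below runs the validation and sanitization filters side by side over a handful of constructed inputs, so the difference between the two is visible: validation returns the value or FALSE, while sanitization returns a cleaned-up string that is not guaranteed to be valid. It also shows integer validation with a range and the === FALSE comparison. The helper names and the sample inputs are assumptions made for this illustration.

```php
<?php
// Added example, not code from the original post. The sample inputs are
// constructed to show how validation and sanitization differ.

/**
 * Validate an e-mail address. Returns the address on success, or FALSE.
 * FILTER_VALIDATE_EMAIL checks syntax only; it does not confirm that the
 * domain or mailbox exists.
 */
function validate_email(string $raw)
{
    return filter_var($raw, FILTER_VALIDATE_EMAIL);
}

/**
 * Validate an integer within an inclusive range. Compare the result with
 * === false: a legitimate "0" is returned as int 0, which is falsy.
 */
function validate_int_in_range(string $raw, int $min, int $max)
{
    return filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
}

// Constructed sample addresses.
$emails = [
    'user@example.com',          // well-formed, passes
    'nobody@example.blorg',      // well-formed, passes even if the TLD does not exist
    'user@@example.com',         // malformed, FALSE
    '<b>user</b>@example.com',   // malformed as written, FALSE
    '',                          // empty, FALSE
];

foreach ($emails as $raw) {
    $valid = validate_email($raw);
    // FILTER_SANITIZE_EMAIL only strips characters that cannot appear in an
    // address; the result is not guaranteed to be a valid address, so
    // validate after sanitizing if you intend to use the cleaned value.
    $clean = filter_var($raw, FILTER_SANITIZE_EMAIL);
    printf("%-28s validate: %-22s sanitize: %s\n",
        var_export($raw, true),
        $valid === false ? 'FALSE' : $valid,
        var_export($clean, true));
}

// Integer validation with a range, e.g. a page number from a query string.
foreach (['7', '0', '-3', '42abc', '1e3'] as $raw) {
    $n = validate_int_in_range($raw, 0, 100);
    printf("%-8s -> %s\n", var_export($raw, true),
        $n === false ? 'FALSE' : "int($n)");
}
```

The practical rule this illustrates: reject input that fails validation rather than sanitizing it into something acceptable, and never treat a value that passed FILTER_SANITIZE_* as if it had passed the matching FILTER_VALIDATE_* filter.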

  • Mike

    This function is a useless distraction.

    filter_var('nobody@example.blorg', FILTER_VALIDATE_EMAIL) also returns a true value, when clearly the TLD does not exist.

    I wasted 2 hours implementing this function in an app to find out it is not a complete answer to validating e-mail addresses. The documentation I’ve read so far does not point out the function’s many shortcomings.