How to Validate (and Sanitize) User Input In PHP Using Filter_Input() and Filter_Var()

Never trust user data.

That’s the mantra. Good advice. So, how do you do it? In recording my newest training course, How to Submit and HTML Form to MySQL Using PHP, I talk quite a bit about the concept of “layered security”. Not my idea, though… it’s a pretty standard and accepted concept in application security (WikiPedia article on it here).

So, you have:

  • Prepared statements to stop SQL injection
  • Output escaping for XSS attacks
  • Tokens for CSRF

And, one I don’t see as much: input validation and sanitization using PHP’s filter_input() and filter_var() functions. So, you can do something like this:

<?php $name = filter_var($_POST['name'], FILTER_SANITIZE_STRING); ?>

That runs the $_POST element “name” through FILTER_SANITIZE_STRING… which “Strip tags, optionally strip or encode special characters.” You can see a full list of available filters here.

You can also validate like this:

<?php $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); ?>

Which will: “Validates whether the value is a valid e-mail address.” If it’s not a valid email address, filter_var() returns false meaning you can run validations checks off it, like this:

<?php
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if ( $email === false ) {
 // Handle invalid emails here
 }
?>

Optionally, you can use filter_input() like this:

<?php
$name = filter_input(INPUT_POST, "name", FILTER_SANITIZE_STRING);
$email= filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL);
$search = filter_input(INPUT_GET, "s", FILTER_SANITIZE_STRING);
?>

And, so on.

You also have filter_var_array() and filter_input_array() for filtering entire arrays at once WITH unique flags for each element.

In any case, do this to add just one more layer of security and ensure the user input you accept into your application isn’t going to let a hacker in the front door.

Also, if you’d like to learn preventing SQL injection and XSS attacks, as well, enroll in my new course. We go into all of it along with creating an HTML5 form, a MySQL database and tying the two together with PHP — in video format so you can see it come together. Plus, you get access to final source code to download and use as you wish.

Join 7,700 Other Freelancers Who've Built Thriving Freelance Businesses

Over 7,700 other freelancers have started thriving freelance businesses using the information on this blog. Are you next? Subscribe below to get notified whenever a new article is posted and create your own success story:

Subscribe

You might also like

Facebook
Twitter
LinkedIn
Reddit
Pinterest
John Morris

JOHN MORRIS

I’m a 15-year veteran of freelance web development. I’ve worked with bestselling authors and average Joe’s next door. These days, I focus on helping other freelancers build their freelance business and their lifestyles.

This Post Has 2 Comments

  1. Mike January 1, 2018 Reply

    Great article John, been looking for something like this for a while. I just joined your Udemy course, and it’s really good so far. Thanks, buddy.

    1. John Morris January 2, 2018 Reply

      Thanks Mike! Glad you’re enjoying the course

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Join 7,700 Other Freelancers Who've Built Thriving Freelance Businesses

Over 7,700 other freelancers have started thriving freelance businesses using the information on this blog. Are you next? Subscribe below to get notified whenever a new article is posted and create your own success story:

Subscribe

Latest Shorts

View all »

Latest Posts

View all »

Success Stories

Ready to add your name here?

Tim Covello

Tim Covello

75 SEO and website clients now. My income went from sub zero to over 6K just last month. Tracking 10K for next month. Seriously, you changed my life.

Michael Phoenix

Michael Phoenix

By the way, just hit 95K for the year. I can’t thank you enough for everything you’ve taught me. You’ve changed my life. Thank you!

Stephanie Korski

Stephanie Korski

I started this 3 days ago, following John’s suggestions, and I gained the Upwork Rising Talent badge in less than 2 days. I have a call with my first potential client tomorrow. Thanks, John!

Jithin Veedu

Jithin Veedu

John is the man! I followed his steps and I am flooded with interviews in a week. I got into two Talent clouds. The very next day, I got an invitation from the talent specialists from Upwork and a lot more. I wanna shout out, he is the best in this. Thanks John for helping me out!

Divyendra Singh Jadoun

Divyendra Singh Jadoun

After viewing John’s course, I made an Upwork account and it got approved the same day. Amazingly, I got my first job the very same day, I couldn’t believe it, I thought maybe I got it by coincidence. Anyways I completed the job and received my first earnings. Then, after two days, I got another job and within a week I got 3 jobs and completed them successfully. All the things he says seem to be minute but have a very great impact on your freelancing career.

Sarah Mui

Sarah Mui

I’ve been in an existential crisis for the last week about what the heck I’m doing as a business owner. Even though I’ve been a business for about a year, I’m constantly trying to think of how to prune and refine services. This was very personable and enjoyable to watch. Usually, business courses like this are dry and hard to get through…. repeating the same things over and over again. This was a breath of fresh air. THANK YOU.

Waqas Abdul Majeed

Waqas Abdul Majeed

I’ve definitely learnt so much in 2.5 hours than I’d learn watching different videos online on Youtube and reading tons of articles on the web. John has a natural way of teaching, where he is passionately diving in the topics and he makes it very easy to grasp — someone who wants you to really start running your business well by learning about the right tools and implement them in your online business. I will definitely share with many of the people I know who have been struggling for so long, I did find my answers and I’m sure will do too.

Scott Plude

Scott Plude

I have been following John Morris for several years now. His instruction ranges from beginner to advanced, to CEO-level guidance. I have referred friends and clients to John, and have encouraged my own daughter to pay attention to what he says. All of his teachings create wealth for me (and happiness for my clients!) I can’t speak highly enough about John, his name is well known in my home.

Sukh Plaha

John is a fantastic and patient tutor, who is not just able to share knowledge and communicate it very effectively – but able to support one in applying it. However, I believe that John has a very rare ability to go further than just imparting knowledge and showing one how to apply it. He is able to innately provoke one’s curiosity when explaining and demonstrating concepts, to the extent that one can explore and unravel their own learning journey. Thanks very much John!

Mohamed Misrab

Misrab Mohamed

John has been the most important person in my freelance career ever since I started. Without him, I would have taken 10 or 20 years more to reach the position I am at now (Level 2 seller on Fiverr and Top Rated on Upwork).

Join 7,700 Other Freelancers Who've Built Thriving Freelance Businesses

Over 7,700 other freelancers have started thriving freelance businesses using the information on this blog. Are you next? Subscribe below to get notified whenever a new article is posted and create your own success story:

Subscribe