PHP Front To Back [Part 14] - Filters & Validation

Captions
Hey guys, welcome to your next PHP Front To Back video. In this video we're going to take a look at filters and validation in PHP. Okay, now this is the last video before we actually do a small project. In the next video we're going to do a contact form, which is very simple, but it's going to include pretty much all the stuff that we dealt with up to this point, so I think it's a good little project.

Now, filters are used to validate, check data types, and we can also sanitize with filters. For instance, if we want an email address to be formatted and we don't want any, you know, characters that aren't supposed to be in an email address, we can use a filter for that. Okay, so what I'm going to do here first is just grab a form, an HTML form, and I'm going to paste that in. Okay, we should probably create the file first, so let's call it filters.php. That's the wrong place, phpsandbox. All right, so let me paste in this form, very simple. I don't know if I've showed you guys this, but for the action I'm using echo $_SERVER, the server superglobal, and PHP_SELF, which is just going to give us the current page. You could just as well put filters.php in here, but this is a neater way because even if you change the name of the file this will still work. All right, so that's all that is.

Now the first function that we're going to look at is filter_has_var, and what that does is it can check for POST or GET values. All right, so when we submit the form, instead of saying if isset, you know, $_POST data, we can use this filter. So put a comment and say "check for posted data", and we're going to put an if statement, or if-else. Okay, and let's put in here if filter_has_var, and we want to put in INPUT_POST for the first parameter. Okay, now if this was method equals get then you would put INPUT_GET. And then the second value is going to be the input field, so in this case we have the name data, so that's what we're going to put here. Okay, and then let's just say echo, so if this is true
we'll just say "Data found", and if it's not then it will echo out "No data". So let's save that and then we'll go to localhost/php, phpMyAdmin, phpsandbox, and I called this filters.php. So we get "No data" right away because obviously we haven't posted that value, so it's not finding it. But if we put something in here and submit, see, we get "Data found". All right, so it's just a way to test for a certain POST or GET value. All right, now if I change this to get, and if we go and reload and submit the form, actually, so that the form, we get "No data" because we're using method get and it's looking for POST data. So if we change this to GET and we enter something, we get "Data found". Okay, and we're going to get "Data found" if that value is in the URL. All right, so we're just going to make that back to POST.

So we can also validate input data as well, with a function called filter_input. So what I'm going to do here is I'm going to copy this, put that here, and get rid of that, and what we're going to do is check for data, okay, check to make sure this is submitted, and then we want to validate it as an email address. So for that we're going to put an if statement in here and we're going to say if filter_input, and we want INPUT_POST, and then the field name, which is data, and then we want the validation, which is going to be an email address, so we say FILTER_VALIDATE_EMAIL, and that shouldn't have a quote. Okay, and then in here let's do echo, so if it validates then we're going to say "Email is valid", and then we'll do an else and we'll echo "Email is not valid". So let's save, actually let's comment this out up here, and we'll save that and let's just refresh this completely and submit just anything, and we get "Email is not valid". If we submit test@test.com we get "Email is valid". So this is a much easier and cleaner way of checking for an email than using something like some crazy regular expression.

Now, in addition to these
validations, and there's a lot of these, I'll paste them in in a few minutes, but we can also sanitize data. So if we want an email address and we want to remove any characters in it that don't belong in an email address, we can do that. So what I'll do is keep this, and then let's see, we're going to take the value that's in $_POST data and put it into a variable called email. All right, so we'll say $_POST and data. If you haven't watched the, I think it was part, I'm not sure what part it was, but the one where we talk about GET and POST, if you haven't watched that yet I suggest doing that. All right, so putting it in this value called email, or this variable called email, and then we want to remove illegal characters. So we can do that with FILTER_SANITIZE_EMAIL, and we use a function called filter_var for that. So let's say email equals filter_var, and in here we're going to pass in that email value, and then we want to put in our FILTER_SANITIZE, spell that, SANITIZE_EMAIL, and that will actually strip out any characters that don't belong there.

Just to show you, I'm going to echo out email, okay, we'll do that and we'll also concatenate a line break. Okay, so when we submit this it should print out the clean version of the email and then it'll also tell us if it's valid or not. So let's just refresh this and let's put in, let's see, we'll do a test, put in a couple slashes, a couple, you know, less than, greater than, what else, we'll put some parentheses, and then we put an @ symbol, and then we'll do test, a couple other backslashes, forward slashes, .com. Okay, so that's a mess right there, but if I submit it you'll see that it echoes out test@test.com. It stripped out all the stuff that shouldn't be there. Now notice that it says "Email is not valid". The reason for that is that when we ran this right here, it took the value that we submitted, which was the one with all the slashes and the weird stuff, so that doesn't pass this. So in this situation we wouldn't use this, what we would do is we'd use
filter_var with FILTER_VALIDATE_EMAIL, with this right here. So let's change this to filter_var, and then we're going to just change, we're going to get rid of both of these and replace it with the email variable, which is the, you know, the clean value that we sanitized. So then let's save that and reload, and now we get "Email is valid". Okay, we weren't testing the POST value directly, we cleaned, you know, we cleaned it, we sanitized it, and then we tested for it.

Now what I'm going to do is paste in all the different validations we can do. So we can check for boolean, email, float, integers, an IP address, a regular expression and a URL. And then for the sanitize, I'll paste those in as well, we have email, encoded, floats, integers, special characters, strings and URLs. Okay, so we can basically strip out tags so that the value will pass each of these types. Okay, hopefully that makes sense. I'm going to comment out the rest of this.

So let's do an integer validation. So we'll have a variable and I'll set it to 23, and then let's run it through an if, and we'll say if filter_var, and then we'll pass in var, and then our validation, which will be FILTER_VALIDATE_INT, and then we'll echo var "is a number", else, var "is not a number". Okay, so 23 is a number. Now even if we wrap quotes around this and reload, we're going to get 23 is a number. Okay, if we put letters in here like this and reload, we get that is not a number. Okay, and you can do this with any of these validations right here. Okay, so you can check for those, and it's just a much easier way than using something like regular expressions.

Now let me give you an example for sanitizing an integer or number. So what we can do is set number equals, and let's put a bunch of numbers and letters mixed, okay, and that should actually be in quotes. And then what we'll do is we'll do a var_dump, which we used before, and we're going to pass in here filter_var, and let's pass in number, actually let's not call this number, let's
call it var, and we're going to put FILTER_SANITIZE_NUMBER_INT. All right, so let's run that, we'll save it, reload, and now you'll see that all of the letters have been stripped out. Okay, it sanitized it into an integer.

All right, so this one here, special chars, is also very helpful. That'll prevent people from, for instance, inserting script tags into a form that outputs something on the page. So let me give you an example of that. If we were to set this to script, and in here let's just say alert(1), something like that, and we were to echo that out, save that, reload, that actually runs the script, and if we look in the source you'll see it right here. Okay, well, we can use echo filter_var, and let's pass in var, and then we'll add the FILTER_SANITIZE_SPECIAL_CHARS. So let's see what happens when we do that. I'm still echoing out just the var, so I'm going to comment that out, and then if we reload you'll see that it's not going to fire it off, it's just going to output it on the screen. And if we were to look at the source code, it just turns them into harmless entities. Okay, so that's a really handy filter.

Okay, so now what I'm going to show you is filter_var_array and filter_input_array. Now just filter_var and filter_input is great if you're dealing with one field, but usually you'll have a bunch of different fields. So let's add another one here and we'll just call this one data2. And what we can do is create an array, let's call it filters, and I'll set this to array, and let's go in here and let's say data, set that to FILTER_VALIDATE_EMAIL. Okay, and we put a comma, and then let's say data2, let's say data2 we want it to be an int, but I also want to add some options, so we're actually going to set it to an array like that. And in here we can specify the filter we want, which is going to be FILTER_VALIDATE_INT, or NUMBER_INT, no, that's sanitize, we want VALIDATE_INT. All right, and we can actually add some options with it, so for options, that's also going to be
an array, and we can set a minimum, so let's say min_range, actually that needs to be in quotes, so min_range, and I'll set that to 1, and then we'll set a max_range, and I'll set the max_range to, say, 100. Okay, so now we have this array and it specifies the validations we want for each field and also some options. So what we're going to do with this is do a print_r, and here let's do the filter_input, I'm sorry, filter_input_array, and in here we're going to pass in INPUT_POST and then we're going to apply filters.

Okay, now when we submit this, if data isn't a valid email address it's not going to get through. All right, same thing with data2, if it's not a number that's between 1 and 100 it's not going to get through. So let's go ahead and try this out. We'll save it and just refresh this, so we have two inputs, and let's see what happens if we put just anything in here that's not an email address, and then something in here that's not in between 1 and 100. If we submit it, notice that data, well, data and data2 are now, they're empty. Okay, it didn't get through. If we were to put test@test.com and we were to put something that is in the range of 1 and a hundred and submit, now they go through. Okay, so this is really good for working with multiple fields, when you're working with arrays.

Now we also have filter_var_array, okay, in addition to input array. So let's comment this out. So what I'm going to do here is create an array, just call it arr, and set it to array, and let's say we have a name, and I'm just going to set this to my name, but I'm going to use all lowercase and I'll show you why in a second. Let's say age, we'll set that to 35, and then email, we'll set that to, say, plus throw that at gmail.com. All right, so we have this array, and now we're going to create, again, we're going to create a filters array, and then we want to take each of these fields and we want to apply the filters that we want. So let's say name, and let's set that, now we
could just put a filter right here, but I'm going to actually make it an array because we're going to have some other stuff with it. All right, so this will be, let's see, all right, and what I'm going to apply is a filter, and we're going to set this to FILTER_CALLBACK, and then this allows us to actually apply a function to this value. So I put it in all lowercase because I'm going to use ucwords, which will make every word, make the first letter capitalized. So to do that we can say options and set that to a function, and we're going to call it uc, or not call it, we're going to use the ucwords function. You could use your own custom function as well. Okay, so that's for the name.

Now for the age, for age we're going to also set that to an array, and let's see what we're going to do here. We're going to set the filter, and let's set that to FILTER_VALIDATE_INT, okay, so it has to be an integer, it has to be a number. And then we have options, and we'll set that to an array because we want to set a min and a max value, so it's min_range, okay, just like we did up with the input array, and we'll set that to 1, and say max_range and we'll set that to 120. Okay, so that takes care of age validation. Now we have the email, and all I want to apply here is the email filter, so we'll just say FILTER_VALIDATE_EMAIL, and that's it.

All right, so now we're going to do the same thing we did up above. We're going to do a print_r, and then here we're going to say filter_var_array, and then we'll pass in our array, which is arr, and then filters. Okay, so we'll save that, and now if we go and refresh this you'll see that everything is there because everything is validated. Now if I were to change age to, let's say, 130 and reload, you'll see that age is not there, it's not being accepted. All right, and if this wasn't a valid email address, let's say we have two dots here, and we reload, that's not being accepted. Okay, and you can also see
that the name has an uppercase letter for each word, because we applied the ucwords callback.

All right, so I think that's good enough. I mean, there's a lot more to this, but this is already getting too long for just this one subject. But there's a lot to it, so I definitely suggest that you go to php.net and take a look at all the validation examples and the sanitize examples, because there's a lot to it and it's really helpful when it comes to validation. All right guys, so that's going to be it. In the next video we're going to actually start to do a little project, we're going to do a contact form, and I will see you then.
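
The filter_var_array() setup described in the captions, written out as an added example (not code from the video or its author). It separates missing fields from invalid ones with strict comparisons, and shows that sanitizing an address before validating it makes a rejected submission pass. The sample input, the phone field and the check_fields helper are assumptions made for illustration.

```php
<?php
// Constructed sample submission (stands in for $_POST); not from the video.
$submitted = [
    'name'  => 'jane <script>alert(1)</script> doe',
    'age'   => '130',
    'email' => 'te(st)//@example.com',
];

// Same filter layout the video builds for filter_var_array().
$filters = [
    'name'  => ['filter' => FILTER_CALLBACK, 'options' => 'ucwords'],
    'age'   => ['filter' => FILTER_VALIDATE_INT,
                'options' => ['min_range' => 1, 'max_range' => 120]],
    'email' => FILTER_VALIDATE_EMAIL,
    'phone' => FILTER_VALIDATE_INT,   // hypothetical field, absent from the input
];

/** Split a filter_var_array() result into accepted values and error codes. */
function check_fields(array $data, array $filters): array
{
    $result = filter_var_array($data, $filters);
    $clean = $errors = [];
    foreach ($result as $field => $value) {
        if ($value === null) {            // key was not in the input at all
            $errors[$field] = 'missing';
        } elseif ($value === false) {     // present, but the filter rejected it
            $errors[$field] = 'invalid';  // === keeps a valid 0 from being rejected
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

[$clean, $errors] = check_fields($submitted, $filters);

// Sanitizing first turns the rejected address into one that validates,
// so record whether the value to be stored differs from what was submitted.
$sanitized = filter_var($submitted['email'], FILTER_SANITIZE_EMAIL);
$changed   = $sanitized !== $submitted['email'];

// The callback only changed letter case; the tag is still in the name,
// so encode it at output time.
echo filter_var($clean['name'], FILTER_SANITIZE_SPECIAL_CHARS), PHP_EOL;
print_r($errors);
var_dump($sanitized, $changed);
```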
Info
Channel: Traversy Media
Views: 89,328
Keywords: php, php filters, php filter_var php filter_input, php validation, php form validation
Id: pfY9LwcsH3A
Length: 21min 19sec (1279 seconds)
Published: Sat Mar 11 2017