In this video we will look at PHP filters and how to validate data types, emails, URLs, etc. We will also see how to sanitize data. Functions covered include:
filter_has_var()
filter_input()
filter_var()
filter_input_array()
filter_var_array()
FOLLOW TRAVERSY MEDIA:
I went from barely knowing what I was looking at with PHP to being able to code the back end logic of my little visitor Contact page, thanks to you. You rock, man!
FILTER_SANITIZE_EMAIL doesn't remove ? (Question mark)???????
best tutorial
great vid, and series so far man – been doing php for about a decade now, and I'm picking stuff up – thanks!
Can I implement this on API calls?
I think that regular if…else and nested if…else statement is more suitable than filter_input_array() function. In filter_input_array() you can't for example determine whether email field is empty or invalid where in if…else you can.
The holy grail of PHP filter videos. I think this one is the most explanatory and easy to understand video about validations. Thanks dude, you saved me
Thank you!
Great vid and great explanation 🙂
Does this filter_array thing need to have matching variable names? Forgot to mention, thank you for the awesome video 🙂
Leaving the form action attribute blank or leaving it out altogether will produce a form that recalls itself.
$_SERVER['PHP_SELF'] is useful in HTML 5 formaction attributes where the form's action has been set to a different file and one wants an option pointing back to the same file.
I love your videos but I don't think setting $_SERVER['PHP_SELF'] is good practice.
Hi could anyone help here. 16:25 Travis has created an associative array and I've understood the keys are custom however the keys used in this example relates to actual properties. Does anyone know where I can find the list of properties that can be used with arrays? Thanks
This is the most understandable video I've seen about this topic. The holy grail of validation/sanitation explanation.
Brad, can you make a tutorial for sending and receiving email through a contact form (PHPMailer etc.) please, Brad. Thanks
Where you have put name="data", would this also work for value="Data"? My inputs already have names corresponding to what they are for?
Code at 3:00. When I run it the first time it says "no data" as it should, but when I click the submit button again without entering anything in the text box it displays "data found". Is this normal?
MAAN. Honestly speaking you should teach teachers how to teach.. There are a lot of courses paid and free, but how you explain in short period of time critical things to understand it's a gods gift. You deserve like Nobel Prize in computing field for sure !! BIG RESPECT for you.
Can someone please tell me how this works?
$filters = array(
    "data" => FILTER_VALIDATE_EMAIL,
    "data2" => array(
        "filter" => FILTER_VALIDATE_INT,
        "options" => array(
            "min_range" => 1,
            "max_range" => 100
        )
    )
);
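Added example (not part of the comment or the video's code): the same `$filters` array applied with `filter_var_array()` to constructed submissions, so it runs from the command line; `filter_input_array(INPUT_POST, $filters)` applies the same rules to a live request. `fieldStatus()` is a hypothetical helper, and the array keys must match the form fields' `name` attributes.

```php
<?php
// The $filters array from the comment above, in short array syntax.
$filters = [
    'data'  => FILTER_VALIDATE_EMAIL,
    'data2' => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 1, 'max_range' => 100],
    ],
];

// Hypothetical helper: turn one filter result into a status string.
function fieldStatus(array $raw, array $filtered, string $key): string
{
    if ($filtered[$key] === null) {
        return 'missing';   // the key was not submitted at all
    }
    if ($filtered[$key] === false) {
        // The filter rejected the value; the raw input tells empty from malformed.
        $value = $raw[$key];
        return (is_string($value) && trim($value) === '') ? 'empty' : 'invalid';
    }
    return 'valid';         // strict checks, so a legitimate falsy value is not misread
}

// Constructed submissions standing in for $_POST.
$submissions = [
    ['data' => 'user@example.com', 'data2' => '42'],
    ['data' => '',                 'data2' => '101'],
    ['data' => 'not-an-email'],    // data2 is absent
];

foreach ($submissions as $raw) {
    // Third argument true: keys that were not submitted come back as null.
    $filtered = filter_var_array($raw, $filters, true);
    foreach (array_keys($filters) as $key) {
        printf(
            "%-6s %-20s %s\n",
            $key,
            var_export($raw[$key] ?? null, true),
            fieldStatus($raw, $filtered, $key)
        );
    }
    echo "\n";
}
```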
If you had front end JavaScript field validations do you need to then have php validations? In that case do you just need php to sanitize the inputted data and submit the form?
Thanks man you are awesome!
@7:45 Why switch from filter_input() to filter_var()? I understand filter_var() will sanitize the data so that it will pass, but do we really want it passing and taking up space in our database if a person enters something like test[]@\///test.net? Even though it passes, it will most likely not be a real email. Wouldn't it be better to have the validation fail and have the user re-enter their email?
PS. I love your videos. Thanks for sharing!
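Added example (not from the video or the comment above): the difference between validating the submitted address as-is and sanitizing it first, on constructed inputs. `checkEmail()` and `acceptEmail()` are hypothetical helpers; `acceptEmail()` sketches the reject-and-ask-again policy the comment proposes.

```php
<?php
// Compare the two approaches discussed above for one submitted address.
function checkEmail(string $raw): array
{
    // Approach 1: validate exactly what was submitted; nothing is stripped.
    $strictOk = filter_var($raw, FILTER_VALIDATE_EMAIL) !== false;

    // Approach 2: strip the characters FILTER_SANITIZE_EMAIL does not allow,
    // then validate whatever is left.
    $cleaned   = filter_var($raw, FILTER_SANITIZE_EMAIL);
    $lenientOk = filter_var($cleaned, FILTER_VALIDATE_EMAIL) !== false;

    return [
        'strict_ok'  => $strictOk,
        'cleaned'    => $cleaned,
        'lenient_ok' => $lenientOk,
        // True when approach 2 accepts an address the user never typed.
        'rewritten'  => $lenientOk && $cleaned !== $raw,
    ];
}

// Policy sketch: accept only unmodified, valid input; otherwise ask again.
function acceptEmail(string $raw): ?string
{
    $raw = trim($raw);
    return filter_var($raw, FILTER_VALIDATE_EMAIL) !== false ? $raw : null;
}

// Constructed inputs (not from the video).
$samples = ['alice@example.com', 'al(ice)@example.com', 'alice @example.com', 'alice'];

foreach ($samples as $raw) {
    $r = checkEmail($raw);
    printf(
        "%-22s strict=%s cleaned=%-20s lenient=%s rewritten=%s accepted=%s\n",
        var_export($raw, true),
        var_export($r['strict_ok'], true),
        var_export($r['cleaned'], true),
        var_export($r['lenient_ok'], true),
        var_export($r['rewritten'], true),
        var_export(acceptEmail($raw), true)
    );
}
```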
Try to validate int when the $var = 0;
nice tutorial thanks
awesome again. fyi, action="" would call itself.
Thank you so much for this great course!
I tried to use FILTER_SANTIZE_NUMBER_INT BUT it returns NULL why?
$var = '33k2jjj325k254khff25';
$newVar = filter_var($var, FILTER_SANTIZE_NUMBER_INT);
var_dump($newVar);
what is INPUT_POST? is it the same thing as $_POST??
My filter_var code is not working:
if(filter_has_var(INPUT_POST, 'data')){
    $email = $_POST['data'];
    // Remove illegal chars
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    echo $email.'<br>';
    if(filter_var($email, FILTER_VALIDATE_EMAIL)){
        echo 'Email is valid';
    } else {
        echo 'Email is NOT valid';
    }
}
I still echo invalid email
test^&%&%@test&^&*^.com
Are filters a foolproof method for validations especially forms?
http://form.guide/php-form/php-form-action-self.html
https://www.w3schools.com/php/filter_callback.asp
The sanitizer. It worked the first time, but after that it only cleans up slashes and stuff. I have php 7.1.20
Would it work if we used ternary operator instead of the nested if/else? something like
if(filter_has_var(INPUT_POST, 'data')) {
(filter_input(INPUT_POST, 'data', FILTER_VALIDATE_EMAIL)) ? echo 'Email is valid'; : echo 'Email is not valid';
}
Create a filter array is just a genius level thing. Why I never thought about that before? lol 16:10
When i had both FILTER_SANITIZE_NUMBER_INT and FILTER_SANITIZE_SPECIAL_CHARS turned on, alert would fire, but there was also a copy of alert which was stopped..
filter_var doesn't sanitize some characters like { } [ ]. Why???
Is there any alternative or solution to this???
Do you not need to use htmlspecialcharcters for the action if using php self? I’m a novice but I remember reading that somewhere to avoid malicious scripts
I wish all teachers were as great as you are.
Also when I do a search for filter_sanitize_email on php.net I get a message that says filter_sanitize_email does not exist. Is this filter maybe deprecated?
Time = About 8 minutes into the video. Issue = When I use Brad's code, to sanitize the email data, I don't get the same result as Brad. If I enter jp)(*&@gmail)**&.com, then that is my output as well. I don't get [email protected] So filter_sanitize_email does not strip out the wrong email characters in my case. Not sure what I am doing wrong?
if(filter_has_var(INPUT_POST, 'data')){
    $email = $_POST['data'];
    //Now remove illegal characters
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    echo $email.'<br>';
    if(filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo 'Email is valid';
    } else {
        echo 'Email is NOT valid';
    }
}
What happens if I have more than one field and I want to use filter_has_var on just one type of input? I had two inputs in my form and this method didn't work; once I deleted one of them it worked
But, what if you want to check for exact length of numbers and exact email composition? You have to add extra checking methods like regular expressions etc, don't you?
I didn't know filters existed for validation in PHP. In class we were taught using custom validation rules that we made ourselves, using if statements, other PHP built-in functions like String functions etc, regular expressions and so on, we didn't even know about filters.
I think we didn't even sanitize the input data, and for databases we used only addslashes which I don't know if it's right or not.
In validate integer I tried assigning a value to $var from a form and when a number as a string is passed it says it's not an integer, while as you suggested a quoted number is also considered an integer…confused
Question: The example at ~12:07 renders a result where the data is Sanitized to a number. The var_dump identifies the data type as a String even though we'd like to interact with it as an Integer. Will this cause us problems?? What if we wanted the PHP to handle a number string as an identifier only [ie. License Number, Social Security Number]… Do we have to worry about PHP executing mathematical notation on things we don't want it to? I guess PHP is smart enough to know how to use the data based upon whether mathematic operators are used on it [treat the string of numbers as an integer], or if things like the dot concatenation are used [treat the string of numbers like a string]… I did a quick test and tried to add the Sanitize $var number string and got a warning "non-numeric value encountered". I'm asking for clarity as I have no previous Computer Science knowledge. Thanks.
I was wondering, can you combine filtering and sanitize on the same field in an array (such as the $filters array we created here) to use with filter_input_array?
So if you had 10 input elements, you would still need to call the function 10 times? Is there any way you can validate the entire form in one function
Hey Brad shouldn't I code – htmlspecialchars($_SERVER['PHP_SELF']) – to secure my server from XSS attacks ?
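Added example (not from the video or the comments): the form action options raised in the comments above, side by side. PHP_SELF is the script name plus any extra path info from the request URL, so it is request-controlled text. `selfPostingForm()` and the `$server` array are hypothetical, with constructed values standing in for `$_SERVER`.

```php
<?php
// Hypothetical helper: build the opening tag of a form that posts back to itself.
function selfPostingForm(array $server, string $mode): string
{
    switch ($mode) {
        case 'raw':      // what the comments warn about: PHP_SELF echoed as-is
            $action = $server['PHP_SELF'];
            break;
        case 'escaped':  // PHP_SELF encoded for use inside an HTML attribute
            $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
            break;
        case 'script':   // SCRIPT_NAME carries no trailing path info; still escaped
            $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
            break;
        default:         // empty action: the browser posts back to the current URL
            $action = '';
    }
    return '<form method="post" action="' . $action . '">';
}

// Constructed stand-in for $_SERVER on a request with extra path info
// after the script name; the markup is a harmless marker.
$server = [
    'SCRIPT_NAME' => '/form.php',
    'PHP_SELF'    => '/form.php/"><b>injected</b>',
];

foreach (['raw', 'escaped', 'script', 'empty'] as $mode) {
    printf("%-8s %s\n", $mode, selfPostingForm($server, $mode));
}
```

In the `raw` line the quote in the path closes the `action` attribute and the marker lands in the page as markup; in the `escaped` line it stays inside the attribute as text.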