PHP filter

Summary: in this tutorial, you’ll learn to define a PHP filter() function that sanitizes and validates data.

Define PHP filter() function

In the previous tutorials, you learned how to define the sanitize() and validate() functions to sanitize and validate data.

The sanitize() function sanitizes data based on specified filters and returns an array that contains the sanitized data. For example:

$inputs = sanitize($_POST, [
    'name' => 'string',
    'email' => 'email'
]);

The validate() function validates data based on the rules and returns an array that contains the error messages:

$errors = validate($inputs,[
    'name' => 'required | max: 255',
    'email' => 'required | email',
]);

These functions work fine. However, you need to specify two sets of rules: sanitization and validation rules.

To make them more concise, you can define a filter() function that both sanitizes and validates data based on the combination of the sanitization and validation rules:

function filter(array $data, array $fields, array $messages=[]): array
{
    // implementation
}

For example:

[$inputs, $errors] = filter($_POST, [
    'name' => 'string | required | max: 255',
    'email' => 'email | required | email',
]);

In this code, the name field has the string filter rule and the required | max: 255 validation rule. Therefore, you need to extract the sanitization and validation rules from the $rules string:

$sanitization_rules = [];
$validation_rules = [];

foreach ($fields as $field => $rules) {
    // strpos() returns 0 (falsy) when '|' is the first character, so compare with false
    if (strpos($rules, '|') !== false) {
        [$sanitization_rules[$field], $validation_rules[$field]] = explode('|', $rules, 2);
    } else {
        $sanitization_rules[$field] = $rules;
    }
}

How it works.

First, define two arrays that hold the sanitization and validation rules:

$sanitization_rules = [];
$validation_rules = [];

Second, iterate over the $fields array. For each element, if $rules contains the | character, split the $rules string at the first | into two parts, assigning the first part to $sanitization_rules[$field] and the second part to $validation_rules[$field]. Otherwise, assign $rules to $sanitization_rules[$field].

For example, if you have the following fields:

[
    'name' => 'string | required | max: 255',
    'email' => 'email | required | email',
]

The $sanitization_rules will be:

[
    'name' => 'string',
    'email' => 'email',
]

And the $validation_rules will be:

[
    'name' => 'required | max: 255',
    'email' => 'required | email',
]

Once you have the sanitization and validation rules, you can call the sanitize() and validate() functions in sequence and return an array that contains the sanitized inputs and validation errors:

// ...
$inputs = sanitize($data, $sanitization_rules);
$errors = validate($inputs, $validation_rules, $messages);

return [$inputs, $errors];

Here’s the complete filter() function:

function filter(array $data, array $fields, array $messages=[]) : array
{
    $sanitization_rules = [];
    $validation_rules  = [];

    foreach ($fields as $field=>$rules) {
        // strpos() returns 0 (falsy) when '|' is the first character, so compare with false
        if (strpos($rules, '|') !== false) {
            [$sanitization_rules[$field], $validation_rules[$field] ] =  explode('|', $rules, 2);
        } else {
            $sanitization_rules[$field] = $rules;
        }
    }

    $inputs = sanitize($data, $sanitization_rules);
    $errors = validate($inputs, $validation_rules, $messages);

    return [$inputs, $errors];
}

Use the PHP filter() function

The following example shows how to use the filter() function:

<?php

require __DIR__ . '/filter.php';

$data = [
    'name' => '',
    'email' => 'john$email.com',
];

$fields = [
    'name' => 'string | required | max: 255',
    'email' => 'email | required | email'
];

[$inputs, $errors] = filter($data, $fields);

print_r($inputs);
print_r($errors);

Output (the $errors array):

Array
(
    [name] => Please enter the name
    [email] => The email is not a valid email address
)
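
The whole flow from rule string to [$inputs, $errors], as an added example that is not the tutorial's own code: sanitize() and validate() here are simplified stand-ins with assumed behaviour (including the $messages[field][rule] lookup) so the script runs by itself on PHP 8.0 or later. It also trims the split rules and shows that a posted field with no rule (is_admin, constructed) never reaches $inputs.

```php
<?php
// Added example (PHP 8.0+): sanitize() and validate() are simplified stand-ins, not the tutorial's.
function sanitize(array $data, array $rules): array {
    $clean = [];
    foreach ($rules as $field => $rule) { // only declared fields are copied
        $value = trim((string) ($data[$field] ?? ''));
        $clean[$field] = match ($rule) { // unknown rule throws UnhandledMatchError
            'string' => strip_tags($value),
            'email'  => filter_var($value, FILTER_SANITIZE_EMAIL),
        };
    }
    return $clean;
}

function validate(array $data, array $rules, array $messages = []): array {
    $errors = [];
    foreach ($rules as $field => $ruleset) {
        $value = $data[$field] ?? '';
        foreach (explode('|', $ruleset) as $rule) {
            [$name, $param] = array_map('trim', explode(':', $rule, 2)) + [1 => null];
            $failed = match ($name) {
                'required' => $value === '',
                'max'      => strlen($value) > (int) $param, // length in bytes
                'email'    => $value !== '' && !filter_var($value, FILTER_VALIDATE_EMAIL),
            };
            if ($failed) {
                $errors[$field] = $messages[$field][$name] ?? "The $field failed the '$name' rule";
                break; // report the first failed rule per field
            }
        }
    }
    return $errors;
}

function filter(array $data, array $fields, array $messages = []): array {
    $sanitization_rules = $validation_rules = [];
    foreach ($fields as $field => $rules) {
        // Trim both halves so 'string ' and ' required | max: 255' match the rule names.
        [$sanitization_rules[$field], $validation_rules[$field]] =
            array_map('trim', explode('|', $rules, 2)) + [1 => ''];
    }
    $inputs = sanitize($data, $sanitization_rules);
    return [$inputs, validate($inputs, array_filter($validation_rules), $messages)];
}

// Constructed input: 'is_admin' has no rule, so it never reaches $inputs.
$post = ['name' => ' <b>Ann</b> ', 'email' => 'john$email.com', 'is_admin' => '1'];
$fields = ['name' => 'string | required | max: 255', 'email' => 'email | required | email'];
var_export(filter($post, $fields)); // [$inputs, $errors]
```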

Summary

  • Use the PHP filter() helper function to sanitize and validate data.