PHP Filter

A PHP filter is used to validate and filter data coming from insecure sources. Testing, validating and filtering user input or other external data is an important part of any web application. The PHP filter extension is designed to make data filtering easier and quicker.
 
Why do we need to use a filter?
 
Almost all web applications depend on external input. Usually this comes from a user or from another application (such as a web service). By using filters you can be sure your application gets input of the correct type.
 
You should always filter all external data!
 
Input filtering is one of the most important application security issues. What is external data?
 
• Input data from a form
• Cookies
• Web services data
• Server variables
• Database query results
 
Using Server-side validation with PHP filters
 
The following example demonstrates how PHP filters can be used to validate and filter user input. It is the same as the example in chapter 11.2 [PHP email], but instead of using JavaScript to validate the user input on the client side, this example validates it with PHP filters and other PHP built-in functions.
 
You can also combine both approaches. Using both client-side and server-side validation is helpful when the client browser has JavaScript disabled or does not support it.
 
<?php
// Read the submitted fields. The "?? ''" default avoids "undefined index"
// notices on the first request, before anything has been posted.
$send_to = $_POST['to'] ?? '';
$from    = $_POST['from'] ?? '';
$subject = $_POST['subject'] ?? '';
$msg     = $_POST['message'] ?? '';

// Double quotes are needed here: inside single quotes "$from" would be
// sent literally instead of being replaced by the address.
$headers = "From: $from\r\n" .
    "Reply-To: $from\r\n" .
    'X-Mailer: PHP/' . phpversion();

$to_row   = "valid";
$from_row = "valid";
$msg_row  = "valid";
// 0 = form not submitted yet, 1 = all fields valid, -1 = at least one invalid
$flag = 0;

if (strlen($subject) <= 0) {
    $subject = "No Subject Given";
}

if (isset($_POST['submit'])) {
    $flag = 1;   // assume valid; any failed check below sets -1
    // The field names passed to filter_input() must match the form's
    // name="..." attributes. filter_input() returns false when the value
    // fails the filter and NULL when the field is missing; both fail here.
    if (!filter_input(INPUT_POST, "to", FILTER_VALIDATE_EMAIL)) {
        $to_row = "invalid";
        $flag = -1;
    }
    if (!filter_input(INPUT_POST, "from", FILTER_VALIDATE_EMAIL)) {
        $from_row = "invalid";
        $flag = -1;
    }
    if (strlen(trim($msg)) <= 0) {
        $msg_row = "invalid";
        $flag = -1;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>PHP Tutorial: Working With Filter</title>

<style type="text/css">
<!--
body {
	margin-left: 0px;
	margin-top: 0px;
}
.style1 {
	background: #0099FF scroll; color: #FFFFFF; font-weight: bold;
}
.invalid {
	background-color: #FF0000;
	color: #FFFFFF;
}
.valid {
	background-color: #FFFFFF;
	color: #FF0000;
}
-->
</style>
</head>

<body>
<?php
// Send only when every field passed validation. send() is defined at the
// bottom of this file; PHP hoists top-level function definitions, so it
// can be called here.
if ($flag > 0) {
    send();
}
?>
<!-- No onsubmit handler: validation is done on the server by the PHP code above. -->
<form name="emailform" method="post"
 action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">

<table width="75%" border="0" cellspacing="0" cellpadding="0">
<?php if ($flag < 0) { ?>
  <tr style="background-color:#CC6600; color:#FFFFFF; font-weight:bold; text-align:center">
    <td colspan="2">Please Re-Enter the Highlighted fields. </td>
  </tr>
<?php } ?>

  <!-- Submitted values are echoed back through htmlspecialchars() so that
       user input cannot inject markup into the page. -->
  <tr class="<?php echo $to_row; ?>">
    <th align="left" scope="row">TO</th>
    <td><input type="text" name="to" value="<?php echo htmlspecialchars($send_to); ?>" />*</td>
  </tr>
  <tr class="<?php echo $from_row; ?>">
    <th align="left" scope="row">From</th>
    <td><input type="text" name="from" value="<?php echo htmlspecialchars($from); ?>" />*</td>
  </tr>
  <tr>
    <th align="left" scope="row">Subject</th>
    <td><input type="text" name="subject" value="<?php echo htmlspecialchars($subject); ?>" /></td>
  </tr>
  <tr class="<?php echo $msg_row; ?>">
    <th align="left" scope="row">Message:</th>
    <td valign="top">
<textarea name="message" cols="40" rows="5" class="style1" id="message"><?php echo htmlspecialchars($msg); ?></textarea>
      *</td>
  </tr>
  <tr>
    <th scope="row"><input name="submit" type="submit" class="style1" value="Send Email" /></th>
    <td><input name="reset" type="reset" class="style1" value="Clear Form" /></td>
  </tr>
</table>
</form>
</body>
</html>
<?php
function send()
{
    global $send_to, $subject, $msg, $headers;
    // mail() returns false when no mail transport is configured
    // (sendmail_path / SMTP settings in php.ini).
    if (!@mail($send_to, $subject, $msg, $headers)) {
        die("Unable to Send EMAIL <br /> Please check your php.ini");
    }
    $safe_to = htmlspecialchars($send_to);
    echo "Message Sent successfully to <a href=\"mailto:$safe_to\">$safe_to</a>";
}
?>
 
The above example uses the built-in PHP function filter_input to filter user input.
 
Syntax of filter_input
 
filter_input ( int $type , string $variable_name [, int $filter [, mixed $options ]] )
 
$type can have one of the following values: INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_SERVER or INPUT_ENV.
 
Output:
 
[screenshot]
 
On submitting the form in this state:
 
[screenshot]
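As an added example (not part of the original tutorial), the code below applies the same filters to the form fields from an array such as $_POST, distinguishing the three results a validating filter can give: NULL for a missing field, false for a field that is present but invalid, and the filtered value otherwise. It uses filter_var() so it runs from the command line without a request; the filter_field() helper, the optional "copies" field and its 1–5 range are assumptions added to show the $options argument.

```php
<?php
declare(strict_types=1);

// Mirror filter_input()'s return contract for an array such as $_POST:
// NULL when the field is absent, false when it fails the filter, and the
// filtered value otherwise. With a live request you would call
// filter_input(INPUT_POST, $name, $filter, $options) instead.
function filter_field(array $src, string $name, int $filter, $options = 0)
{
    if (!array_key_exists($name, $src)) {
        return null;
    }
    return filter_var($src[$name], $filter, $options);
}

// Validate the e-mail form fields; returns field => error message,
// so an empty array means every field passed.
function validate_mail_form(array $src): array
{
    $errors = [];
    foreach (['to', 'from'] as $field) {
        // FILTER_VALIDATE_EMAIL also rejects CR/LF, so an address that
        // passes cannot smuggle extra lines into the mail headers.
        $email = filter_field($src, $field, FILTER_VALIDATE_EMAIL);
        if ($email === null) {
            $errors[$field] = 'missing';
        } elseif ($email === false) {   // === tells false apart from NULL
            $errors[$field] = 'not a valid e-mail address';
        }
    }
    // FILTER_UNSAFE_RAW keeps the text unchanged; a non-string (e.g. an
    // array posted as message[]) comes back as false and is rejected.
    $message = filter_field($src, 'message', FILTER_UNSAFE_RAW);
    if (!is_string($message) || trim($message) === '') {
        $errors['message'] = 'missing';
    }
    // Assumed extra field to show the $options argument: an optional
    // integer that must lie between 1 and 5 when it is present.
    $copies = filter_field($src, 'copies', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($copies === false) {
        $errors['copies'] = 'must be a whole number between 1 and 5';
    }
    return $errors;
}

// Constructed sample submissions standing in for $_POST.
$good = ['to' => 'alice@example.com', 'from' => 'bob@example.com', 'message' => 'Hello', 'copies' => '2'];
$bad  = ['to' => 'not-an-address', 'message' => '   ', 'copies' => '9'];
print_r(validate_mail_form($good));
print_r(validate_mail_form($bad));
```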
 
Assignment
 
1. Write a PHP Script to upload images and then display the uploaded image.