Sanitizing email addresses, integers and float numbers - PHP

As I said previously, the FILTER_SANITIZE_STRING filter has the ability to sanitize email addresses and float and integer numbers. So, to help you grasp how these tasks can be performed in a very simple way, please look at the following examples, which are pretty intuitive. Here they are:

// example sanitizing an email address using the FILTER_SANITIZE_EMAIL filter

$email = 'alejandro(&)gervasio@domain.com';

echo filter_var($email, FILTER_SANITIZE_EMAIL); // sanitizes email address

// example sanitizing a URL using the FILTER_SANITIZE_URL filter

$email = 'http://www.devshed.c!m';

echo filter_var($email, FILTER_SANITIZE_URL); // removes invalid characters from a URL

// example sanitizing an integer using the FILTER_SANITIZE_NUMBER_INT filter

$value = '12abc345@';

echo filter_var($value, FILTER_SANITIZE_NUMBER_INT); // sanitizes an integer

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter

$value = '12.abc345@';

echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT); // sanitizes a float number and converts it to an integer

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter and the FILTER_FLAG_ALLOW_FRACTION argument

$value = '12.abc345@';

echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); // sanitizes a float number

// example sanitizing a float number using the FILTER_SANITIZE_NUMBER_FLOAT filter and the FILTER_FLAG_ALLOW_THOUSAND

$value = '12.,abc345@';

echo filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND); // sanitizes a float number

// example sanitizing magic quotes using the FILTER_SANITIZE_MAGIC_QUOTES filter

$value = "I'm Alejandro Gervasio";

echo filter_var($value, FILTER_SANITIZE_MAGIC_QUOTES);

Undoubtedly, from the code samples show previously, it’s clear to see how simple it is to use the FILTER_SANITIZE_STRING filter to perform different clean up tasks on email addresses, integers and float numbers. In each particular case a specific argument has been passed to the “filter_var()” function to accomplish a specified sanitization process, including the removal of invalid characters from an email address, float and integer numbers respectively. I’m sure that at this point you’ve grasped the logic behind using this handy filter.

With these examples I’m finishing this chapter of the series on sanitizing strings with the PHP 5 filter extension. As usual, feel free to edit all of the code samples developed in this tutorial. This way you can sharp your existing skills for working with this powerful library. The experience will be instructive, trust me.

Final thoughts

Over the eight part of this series, I discussed how to take advantage of the functionality provided by the PHP 5 filter extension, this time for sanitizing strings in all sort of clever manners. As you saw earlier, by using the FILTER_SANITIZE_STRING filter it’s possible to encode quotes, low and high ASCII characters in literals, as well as removing them in the same easy manner, which can be extremely useful for preventing SQL injections and XSS attacks when developing PHP applications.

In the last chapter, I’m going to continue reviewing a few more capabilities offered by the filter library for sanitizing strings and using callbacks functions, thus finishing this round-up on the main features packaged with this powerful PHP extension. So, my little piece of advice here is simple and straight: don’t miss the final chapter!