Regex are incredibly useful in a lot of situation, but most of the time I use them in two cases: to parse some data from a file, or to verify and parse user input.
A simple example is when a user signs up to your website, you want to make sure that the email specified is a valid email. For that, you have probably written a regex that looks like that:
/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/
While it might work, I don’t recommend this solution, because it is hard to read, and it also will not match everything, you can never be sure that you wrote your regex properly, and you might get false positives.
PHP filters, a better solution
Thankfully, PHP offers a better solution to that problem, called “filters”. Filters are a way to validate and sanitize user input without having to deal with complex regex, in a much more readable way.
Validation filters
Validation filters allow you to verify that the value inputed by the user follows the correct schema. They all use the function filter_var
, and take the value that you want to validate, and which filter you want to apply.
if (!filter_var("my/invalid/email@mindflash.org", FILTER_VALIDATE_EMAIL)) {
echo "The email you submitted is invalid!";
}
You can find the list of all the available validation filters in the official PHP documentation, but here are the most useful ones:
FILTER_VALIDATE_EMAIL
allows you to check if an email is valid,FILTER_VALIDATE_URL
allows you to check if a URL is valid. Note that it doesn’t work for international domains and will only accept ASCII characters,FILTER_VALIDATE_BOOLEAN
that validates if a boolean value has been submitted. This is less common, but it will returnTRUE
for the values1
,true
,on
andyes
, which can be particularly useful if you do command-line scripts that wait for user confirmation.
Sanitizing filters
I find sanitizing filters a bit less useful as you will either have other functions that have the same functionality and that everyone is familiar with, or they are only for very special cases.
Anyway, what sanitizing filters is that instead of validating the input, they will remove characters that are not part of the allowed characters of the filter.
echo filter_var("my/invalid/email@mindflash.org", FILTER_SANITIZE_EMAIL); // Will print "myinvalidemail@mindflash.org"
Again, the list of all the available sanitizing filters is available with all the details on the official documentation.
The goal of this article was to present a simple and useful technique in about 1 minute of reading time, so I did not present every detail of the feature. I hope it will be useful, it is a very simple yet powerful set of functions and