Home » Coding » PHP » Avoid regex in PHP 90% of the time, using filters – 1 minute tips

Avoid regex in PHP 90% of the time, using filters – 1 minute tips

  • by
PHP filters and regex

Regex are incredibly useful in a lot of situation, but most of the time I use them in two cases: to parse some data from a file, or to verify and parse user input.

A simple example is when a user signs up to your website, you want to make sure that the email specified is a valid email. For that, you have probably written a regex that looks like that:

/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/

While it might work, I don’t recommend this solution, because it is hard to read, and it also will not match everything, you can never be sure that you wrote your regex properly, and you might get false positives.

PHP filters, a better solution

Thankfully, PHP offers a better solution to that problem, called “filters”. Filters are a way to validate and sanitize user input without having to deal with complex regex, in a much more readable way.

Validation filters

Validation filters allow you to verify that the value inputed by the user follows the correct schema. They all use the function filter_var, and take the value that you want to validate, and which filter you want to apply.

if (!filter_var("my/invalid/email@mindflash.org", FILTER_VALIDATE_EMAIL)) {
    echo "The email you submitted is invalid!";
}

You can find the list of all the available validation filters in the official PHP documentation, but here are the most useful ones:

  • FILTER_VALIDATE_EMAIL allows you to check if an email is valid,
  • FILTER_VALIDATE_URL allows you to check if a URL is valid. Note that it doesn’t work for international domains and will only accept ASCII characters,
  • FILTER_VALIDATE_BOOLEAN that validates if a boolean value has been submitted. This is less common, but it will return TRUE for the values 1, true, on and yes, which can be particularly useful if you do command-line scripts that wait for user confirmation.

Sanitizing filters

I find sanitizing filters a bit less useful as you will either have other functions that have the same functionality and that everyone is familiar with, or they are only for very special cases.

Anyway, what sanitizing filters is that instead of validating the input, they will remove characters that are not part of the allowed characters of the filter.

echo filter_var("my/invalid/email@mindflash.org", FILTER_SANITIZE_EMAIL); // Will print "myinvalidemail@mindflash.org"

Again, the list of all the available sanitizing filters is available with all the details on the official documentation.


The goal of this article was to present a simple and useful technique in about 1 minute of reading time, so I did not present every detail of the feature. I hope it will be useful, it is a very simple yet powerful set of functions and

Leave a Reply

Your email address will not be published. Required fields are marked *