The PHP Function filter_input
The PHP function filter_input is an incredibly useful function for sanitizing and validating input data in your application. It can help you avoid security issues caused by improper escaping and processing of user-submitted data, and improve the overall quality of your code. It also allows you to separate the validation and processing logic, which makes your code easier to read and debug.
filter_input() gets external variables (like form input) and filters them. It can also validate variables from insecure sources like user input, and it returns the filtered data on success, FALSE on failure or NULL if the variable does not exist.
The first parameter in the filter_input() function is the type of input, e.g. INPUT_GET, INPUT_POST, INPUT_COOKIE or INPUT_SERVER. The second parameter is the name of the variable you want to filter and the third is an array of options and flags for the corresponding filter.
In the example above we filter the 'name' input using FILTER_SANITIZE_STRING to remove all tags, then the 'email' input is sanitized and validated with FILTER_VALIDATE_EMAIL, and finally the 'school website URL' string is filtered by FILTER_VALIDATE_URL to ensure that it is in the format 'http://www.yourschool.com/'.
You can use the filters in filter_input() to sanitize and validate almost any type of data. Just remember that each filter has its own set of options and flags, which you should familiarize yourself with before using them in production. Using the right filters will make your application much more secure and reliable, and you can stop reading $_GET or $_POST directly to retrieve and process user-submitted data.
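
The following is an added example, not code from the original page. It applies the same filters to constructed sample data with filter_var_array() so that it runs from the command line; in a request handler, `filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)` applies the same filter to the real POST field. The function name `validate_signup` and the field names are assumptions made for illustration.

```php
<?php
// Added example; field names and sample values are constructed.
function validate_signup(array $input): array
{
    $definition = [
        // FILTER_SANITIZE_STRING is deprecated since PHP 8.1, so the name is
        // only stripped of control characters here and escaped at output time.
        'name'    => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_LOW],
        'email'   => FILTER_VALIDATE_EMAIL,
        'website' => ['filter' => FILTER_VALIDATE_URL, 'flags' => FILTER_FLAG_PATH_REQUIRED],
    ];
    // Third argument true: keys absent from $input come back as null.
    $filtered = filter_var_array($input, $definition, true);

    $errors = [];
    foreach ($filtered as $field => $value) {
        if ($value === null) {
            $errors[$field] = 'missing';   // variable does not exist
        } elseif ($value === false) {
            $errors[$field] = 'invalid';   // filter rejected the value
        }
    }

    // FILTER_VALIDATE_URL accepts any syntactically valid scheme (ftp:, mailto:, ...),
    // so restrict the scheme explicitly before storing or linking to the URL.
    if (!isset($errors['website'])) {
        $scheme = strtolower((string) parse_url($filtered['website'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $errors['website'] = 'invalid';
        }
    }
    return [$filtered, $errors];
}

// Constructed sample submissions: one valid, one with bad values, one incomplete.
$samples = [
    ['name' => 'Ada <b>L</b>', 'email' => 'ada@example.com', 'website' => 'http://www.yourschool.com/'],
    ['name' => 'Bob', 'email' => 'not-an-email', 'website' => 'ftp://files.example.com/'],
    ['email' => 'eve@example.com', 'website' => 'www.yourschool.com'],
];

foreach ($samples as $sample) {
    [$clean, $errors] = validate_signup($sample);
    // Escape at output time instead of relying on input sanitizing alone.
    $name = htmlspecialchars((string) $clean['name'], ENT_QUOTES, 'UTF-8');
    echo json_encode($errors), ' name=', $name, PHP_EOL;
}
```

The strict `=== null` and `=== false` comparisons matter: a loose check such as `!$value` would treat a missing field, a rejected field and a legitimately empty or zero value as the same case.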