A new PHP feature you might have missed (I know I did until I stumbled onto it recently) is the Data Filtering extension, which made its debut in PHP 5.2.0. This extension provides a set of functions for both validating and filtering of external data, such as users’ form inputs.
These functions are each controlled as to what sort of filtering/validating they do by a set of pre-defined constants. See the Data Filtering Introduction page of the manual for a list of the currently available filters. As an example of its potential utility in the simplification of your code, consider the validation of email address formats. Probably the most commonly used technique for this is to use a regular expression comparison. The most thorough implementation of such a function I’ve encountered is this one I found at iamcal.com:
function is_valid_email_address($email){
$qtext = '[^\\x0d\\x22\\x5c\\x80-\\xff]';
$dtext = '[^\\x0d\\x5b-\\x5d\\x80-\\xff]';
$atom = '[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c'.
'\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+';
$quoted_pair = '\\x5c[\\x00-\\x7f]';
$domain_literal = "\\x5b($dtext|$quoted_pair)*\\x5d";
$quoted_string = "\\x22($qtext|$quoted_pair)*\\x22";
$domain_ref = $atom;
$sub_domain = "($domain_ref|$domain_literal)";
$word = "($atom|$quoted_string)";
$domain = "$sub_domain(\\x2e$sub_domain)*";
$local_part = "$word(\\x2e$word)*";
$addr_spec = "$local_part\\x40$domain";
return preg_match("!^$addr_spec$!", $email) ? 1 : 0;
}
This perfectly adequate (and very thorough) function can now be replaced with a single-line call to the filter_var() function:
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
$errors[] = 'Invalid email address.';
}
Not only does this save typing and condense your code, but since it is a compiled PHP function, it is faster, too. (A bit of testing on my part showed it to run approximately twice as fast the the preg_match() function above — your mileage may vary.)
So take a little time to peruse the Data Filtering section of the manual and consider what other chunks of your code you might be able to replace with a single built-in function call.
[...] Security Issue with FILTER_VALIDATE_EMAIL July 19, 2008 2:03 am cwreace PHP Just a few days ago I recommended using filter_var() with the FILTER_VALIDATE_EMAIL argument as a convenient means [...]