MAAN. Honestly speaking you should teach teachers how to teach.. There are a lot of courses paid and free, but how you explain in short period of time critical things to understand it's a gods gift. You deserve like Nobel Prize in computing field for sure !! BIG RESPECT for you.
4 years later and i agree with you. with this kind of teaching, even non tech peeps can understand. i shine in college thanks to this chanel, for real. third year it student and i shine in class thanks to the chanel. php is in my advacede web design proramm and its a breeze.
the holy grail of php filter videos , i think this one its the most explanatory and easy to understand videos bout validations , thanks dude , you saved me
For the future viewers that is having a hard time understanding the filter_input_array part that is to say this part >> $filters = array( "data" => FILTER_VALIDATE_EMAIL, "data2" => array( "filter" => FILTER_VALIDATE_INT, "options" => array( "min_range" => 1, "max_range" => 100, ) ) ); The keys inside the "data2" the ""filter", "options" That is predefined by the filter_input_array function, so it is necessary that is the name of the key, it is not created by brad, as well as the "min_range" and "min_max" is necessary for this to work, if you change those keys, then this will not work as that key is necessary for the function filter_input_array more info here, www.php.net/manual/en/function.filter-input-array.php
It's funny you commented about this 3 days ago because it is confusing me, do you understand the line: print_r(FILTER_INPUT_ARRAY(INPUT_POST, $filters));
@@noahmalchy2676 @Noah Malchy @Noah Malchy do you see those "data" and "data2" name in the input field?, basically think of it like the "INPUT_POST" is like a copy array of "$_POST super variable", it is basically a constant that represent the $_POST, To be exact it is called, PREDEFINED CONSTANT that defined by this extension, and will only be available when the extension has either been compiled into PHP or dynamically loaded at runtime. meaning will only work inside the filter method, so the answer is.. It is only filtering the INPUT_POST, not the actual $_POST www.w3schools.com/php/php_ref_filter.asp
@@noahmalchy2676 By the way, if you are thinking how PHP is working behind the scene, like inside the filters, well think of it like the php is looping and comparing if the CONSTANT VARIABLE INPUT_POST["KEY_NAME"] matches the "keyname" inside the filters>> Here I made a custom filtering method using functional programming in php, it is like in the above video but you will see the core how it works, I actually want to use regex for validation but I think this is enough so I made this and called it custom_array_filter(); methods that have a predefined constant that is called "_CUSTOM_POST" and I run this using the >>> custom_array_filter(_CUSTOM_POST,'filters'); In this example, you will see how the code in the video works behind the scene.. Just copy the code and run it ..
Leaving the form action attribute blank or leaving it out altogether will produce a form that recalls itself. $_SERVER['PHP_SELF'] is useful in HTML 5 formaction attributes where the form's action has been set to a different file and one wants an option pointing back to the same file.
He have a large knowledge base. And I think everybody can be a full stack but it demand a lot of time, effort and passion. He made a video on Tips On Learning How To Code.
I think that regular if...else and nested if...else statement is more suitable than filter_input_array() function. In filter_input_array() you can't for example determine whether email field is empty or invalid where in if...else you can.
Would it work if we used ternary operator instead of the nested if/else? something like if(filter_has_var(INPUT_POST, 'data')) { (filter_input(INPUT_POST, 'data', FILTER_VALIDATE_EMAIL)) ? echo 'Email is valid'; : echo 'Email is not valid'; }
For me Sir php very complicated I am doing this for years and can nont go on, but it will keep me busy a least i wish i could do some thing else this is why i thing to be a programmer you should have a nice brain I want to know every thing and i bought a lots of book as ell I also follow you to many coue=rse in UDMY witch is very good course. I hope some days some one will tell me how to rmember all this thing in this course before the array you should make a example without array to see the result first
Once upon a time I was filling a feedback form online. I didn't want to answer one of the questions because it was personal(sort of). So I opened the chrome dev tool, removed the required property and submitted it successfully. For me, frontend validation is no validation. It's only meant for those with no technical background
When i had both FILTER_SANITIZE_NUMBER_INT and FILTER_SANITIZE_SPECIAL_CHARS turned on, alert would fire, but there was also a copy of alert which was stopped..
at 8:56. , since you have already defined $email = filter_var($email,FILTER_SANITIZE_EMAIL) on line14, is it ok to just pass $email to line 17 ? tested and it worked, just not sure if is the best practice. thx
Question: The example at ~12:07 renders a result where the data is Sanitized to a number. The var_dump identifies the data type as a String even though we'd like to interact with it as an Integer. Will this cause us problems?? What if we wanted the PHP to handle a number string as an identifier only [ie. License Number, Social Security Number]... Do we have to worry about PHP executing mathematical notation on things we don't want it to? I guess PHP is smart enough to know how to use the data based upon whether mathematic operators are used on it [treat the string of numbers as an integer], or if things like the dot concatenation are used [treat the string of numbers like a string]... I did a quick test and tried to add the Sanitize $var number string and got a warning "non-numeric value encountered". I'm asking for clarity as I have no previous Computer Science knowledge. Thanks.
But, what if you want to check for exact length of numbers and exact email composition? You have to add extra ehcking methods like regularexpression etc, don't you? I did't know filters existed for validation in PHP. In class we were tought using custom validation rules that we made ourselves, using if statements, other PHP built in funcions like String funcionts etc, regular expressions and so on, we didn't even know about filters. I think we didn't even sanitize the input data, and for databases we used only addslashes which i don't know if it's right or not.
Do you not need to use htmlspecialcharcters for the action if using php self? I’m a novice but I remover reading that somewhere to avoid malicious scripts
Hi could anyone help here. 16:25 Travis has created an associative array and I've understood the keys are custom however the keys used in this example relates to actual properties. Does anyone know where I can find the list of properties that can be used with arrays? Thanks
In validate integer i tried assigning value to $var from form and when number as string is passed it says its not an integer, while as you suggested quoted number is also considered integer...confused
I was wondering, can you combine filtering and sanitize on the same field in an array (such as the $filters array we created here) to use with filter_input_array?
Hey Teach, I'm stuck at minute 3. So far so simple, and the code is correct, but when I run this I get a Confirm Form Resubmission and Data Found only from the get go? What the hay? Why doesn't this test conditional work for me?
Brad, I've been following along up to this video. I realize this video is five years old, but could a later version of PHP, in my case PHP 8.0.3, or a later version of XAMPP make the filter function act flaky. I don't think it's XAMPP though, because, although I'm getting better results, I also get inconsistent results when I move the filters.php file to my website hosting server. With XAMPP at first, I was getting a "Forbidden You Don't Haver Permission....yada, yada error. Then I shut down my Apache server and started it up. Now, my html no longer displays. I moved the filters.php file to my webhosting service, the html, form section displays, but I can't clear the "Data found' echo.
Whats happen if i have more than one field and i want to use the filter_has_var in just one type of input ? I had two inputs in my form and this method didnt work once i delete one of them it worked
Also when I do a search for filter_sanitize_email on php.net I get a message that says filter_sanitize_email does not exist. Is this filter maybe deprecated?
If you had front end JavaScript field validations do you need to then have php validations? In that case do you just need php to sanitize the inputted data and submit the form?
In theory u don't but i found that is a good practice to do. Frontend validation is user side validation and it servs more as information for users about validity od there input so they can pass correct values. Now you can make logici that, for example, disables submit button if input value is wrong. But there should always be a backend validation logic im place, after all i feel lot safer when i know that i have backup in place that is not exposed to user, makes it safer that way 🙂
Code at 3:00. when i run first time it says "no data" as it should but when i click the submit button again without entering anything in text box it displays "data found". is this normal?
Please reply to the doubts: The FILTER_SANITIZE_EMAIL does not remove #,$,* etc....Only removes / and \ Is this the case with someone else? Pls reply input: test//?\\|||.>
can please some one tell me how does this work $filters = array( "data"=>FILTER_VALIDATE_EMAIL, "data2"=>array( "filter"=>FILTER_VALIDATE_INT, "options"=>array( "min_range"=>1, "max_range"=>100 ) ) );
Time = About 8 minutes into the video. Issue = When I use Brad's code, to sanitize the email data, I don't get the same result as Brad. If I enter jp)(*&@gmail)**&.com, then that is my output as well. I don't get jp@gmail.com. So filter_sanitize_email does not strip out the wrong email characters in my case. Not sure what I am doing wrong? if(filter_has_var(INPUT_POST, 'data')){ $email = $_POST['data']; //Now remove illegal characters $email = filter_var($email, FILTER_SANITIZE_EMAIL); echo $email.''; if(filter_var($email, FILTER_VALIDATE_EMAIL)) { echo 'Email is valid'; } else { echo 'Email is NOT valid'; } }
Hey, i got this warning: Warning: filter_var_array(): First argument is expected to be a valid callback in E:\xampp\htdocs\phpsandbox\filters.php on line 77 and i don't know how to solve it. Anyone help? (it's the same code he has)
the problem these tutorials is that there is no conceptual explanation, no talk of how things actually work, just a stream of examples of this and that
It knows it is a number and if you want to use it like a number it will let you. You decide. But if you try that in C++, C#, Java etc. It will give you en error.
Yeah, its useful for simple searches of something in a catalog, ie, imagine searching for something on wikipedia or Amazon (although I'm not sure if Amazon uses php...)
MAAN. Honestly speaking you should teach teachers how to teach.. There are a lot of courses paid and free, but how you explain in short period of time critical things to understand it's a gods gift. You deserve like Nobel Prize in computing field for sure !! BIG RESPECT for you.
p.s and incredible that you do it for free, so everyone can get top quality education !
Agreed. Perfectly said
4 years later and i agree with you. with this kind of teaching, even non tech peeps can understand. i shine in college thanks to this chanel, for real. third year it student and i shine in class thanks to the chanel. php is in my advacede web design proramm and its a breeze.
this is the most understandable video i've seen about this topic. The holy grail of validation/sanitation-explaination.
the holy grail of php filter videos , i think this one its the most explanatory and easy to understand videos bout validations , thanks dude , you saved me
great vid, and series so far man - been doing php for about a decade now, and I'm picking stuff up - thanks!
Thanks for sharing Brad !
Create a filter array is just a genius level thing. Why I never thought about that before? lol 16:10
For the future viewers that is having a hard time understanding the filter_input_array part
that is to say this part >>
$filters = array(
"data" => FILTER_VALIDATE_EMAIL,
"data2" => array(
"filter" => FILTER_VALIDATE_INT,
"options" => array(
"min_range" => 1,
"max_range" => 100,
)
)
);
The keys inside the "data2" the ""filter", "options" That is predefined by the filter_input_array function, so it is necessary that is the name of the key, it is not created by brad, as well as the "min_range" and "min_max" is necessary for this to work, if you change those keys, then this will not work as that key is necessary for the function filter_input_array
more info here, www.php.net/manual/en/function.filter-input-array.php
It's funny you commented about this 3 days ago because it is confusing me, do you understand the line: print_r(FILTER_INPUT_ARRAY(INPUT_POST, $filters));
@@noahmalchy2676 @Noah Malchy @Noah Malchy do you see those "data" and "data2" name in the input field?, basically think of it like the "INPUT_POST" is like a copy array of "$_POST super variable",
it is basically a constant that represent the $_POST, To be exact it is called, PREDEFINED CONSTANT that defined by this extension, and will only be available when the extension has either been compiled into PHP or dynamically loaded at runtime. meaning will only work inside the filter method, so the answer is.. It is only filtering the INPUT_POST, not the actual $_POST
www.w3schools.com/php/php_ref_filter.asp
@@noahmalchy2676
By the way, if you are thinking how PHP is working behind the scene, like inside the filters,
well think of it like the php is looping and comparing if the CONSTANT VARIABLE INPUT_POST["KEY_NAME"] matches the "keyname" inside the filters>>
Here I made a custom filtering method using functional programming in php, it is like in the above video but you will see the core how it works, I actually want to use regex for validation but I think this is enough so I made this and called it custom_array_filter(); methods that have a predefined constant that is called "_CUSTOM_POST"
and I run this using the >>> custom_array_filter(_CUSTOM_POST,'filters'); In this example, you will see how the code in the video works behind the scene..
Just copy the code and run it ..
Understood, and by watching your explanation, I found my problem to fix haha Thanks~
Leaving the form action attribute blank or leaving it out altogether will produce a form that recalls itself.
$_SERVER['PHP_SELF'] is useful in HTML 5 formaction attributes where the form's action has been set to a different file and one wants an option pointing back to the same file.
I didn't know php had these!
Noah Nobody me too
I wish all teachers were as great as you are.
Nana says you are smart and she has no idea what your even saying
Are you his daughter?
:)
Bruh this is cute.
Are you full stack god?
He have a large knowledge base. And I think everybody can be a full stack but it demand a lot of time, effort and passion. He made a video on Tips On Learning How To Code.
He is a Samurai Developer...
Yes he is.
99:99 - HERE
4:22 - FILTER_VALIDATE_EMAIL
6:47 - FILTER_SANITIZE_EMAIL
9:21 - other VALIDATION & SANITIZE
11:48 - FILTER_SANITIZE_NUMBER_INT
12:21 - FILTER_SANITIZE_SPECIAL_CHARS + filter_var () !!!
17:00 - filter_input_array() , filter_var_array()
This course is gold. Thank you so much for this.
Topic like this are good. If you are planning on a project,project like this are important to php.Php MVCSimple CMSSimple E ComerceForum base website
I think that regular if...else and nested if...else statement is more suitable than filter_input_array() function. In filter_input_array() you can't for example determine whether email field is empty or invalid where in if...else you can.
Very handy.
Thanks for yet another great tutorial!
Looking forward to the next video! Thanks
You're amazing
Would it work if we used ternary operator instead of the nested if/else? something like
if(filter_has_var(INPUT_POST, 'data')) {
(filter_input(INPUT_POST, 'data', FILTER_VALIDATE_EMAIL)) ? echo 'Email is valid'; : echo 'Email is not valid';
}
Great vid and great explanation :)
thank you, Brad!
Thank you Brad for these tutorials. This is my daily assignments since the announcement. How many projects do you plan to do?
Honestly, I have no idea :) I'm just planning it as we move along. I would guess maybe 3 or 4
Ok, I stay tunned. Keep it real!!!
can't wait!
The sanitizer. It worked the first time, but after that it only cleans up slashes and stuff. I have php 7.1.20
For me Sir php very complicated I am doing this for years and can nont go on, but it will keep me busy a least i wish i could do some thing else this is why i thing to be a programmer you should have a nice brain
I want to know every thing and i bought a lots of book as ell
I also follow you to many coue=rse in UDMY witch is very good course.
I hope some days some one will tell me how to rmember all this thing
in this course before the array you should make a example without array to see the result first
Thanks a lot
Thank you for this.
best tutorial
Thanks man you are awesome!
nice tutorial thanks
awesome again. fyi, action="" would call itself.
thank you, very much!!!! sir!!!!
Thank you!
I believe input type=email is going to be be easy for just checking if a submitted email is valid or not . :)
Once upon a time I was filling a feedback form online. I didn't want to answer one of the questions because it was personal(sort of). So I opened the chrome dev tool, removed the required property and submitted it successfully. For me, frontend validation is no validation. It's only meant for those with no technical background
Very interesting explanation. I just learned something from what you shared. Great point!
Front end validation doesn’t work
Are you going to do some PHP MySQL tuts as well in this series?
Yeah I was wondering the same thing
When i had both FILTER_SANITIZE_NUMBER_INT and FILTER_SANITIZE_SPECIAL_CHARS turned on, alert would fire, but there was also a copy of alert which was stopped..
at 8:56. , since you have already defined $email = filter_var($email,FILTER_SANITIZE_EMAIL) on line14, is it ok to just pass $email to line 17 ? tested and it worked, just not sure if is the best practice. thx
Question: The example at ~12:07 renders a result where the data is Sanitized to a number. The var_dump identifies the data type as a String even though we'd like to interact with it as an Integer. Will this cause us problems?? What if we wanted the PHP to handle a number string as an identifier only [ie. License Number, Social Security Number]... Do we have to worry about PHP executing mathematical notation on things we don't want it to? I guess PHP is smart enough to know how to use the data based upon whether mathematic operators are used on it [treat the string of numbers as an integer], or if things like the dot concatenation are used [treat the string of numbers like a string]... I did a quick test and tried to add the Sanitize $var number string and got a warning "non-numeric value encountered". I'm asking for clarity as I have no previous Computer Science knowledge. Thanks.
I dont get what was on 16:34, How do an array knows which one is for options?
How are you moving the cursor so rapidly? Are you using mouse or the arrow keys or some shortcuts?
where you have put name="data", would this also work for value="Data"? my inputs already have names corresponding to what they are for?
Are filters a foolproof method for validations especially forms?
But, what if you want to check for exact length of numbers and exact email composition? You have to add extra ehcking methods like regularexpression etc, don't you?
I did't know filters existed for validation in PHP. In class we were tought using custom validation rules that we made ourselves, using if statements, other PHP built in funcions like String funcionts etc, regular expressions and so on, we didn't even know about filters.
I think we didn't even sanitize the input data, and for databases we used only addslashes which i don't know if it's right or not.
Do you not need to use htmlspecialcharcters for the action if using php self? I’m a novice but I remover reading that somewhere to avoid malicious scripts
Hi could anyone help here. 16:25 Travis has created an associative array and I've understood the keys are custom however the keys used in this example relates to actual properties. Does anyone know where I can find the list of properties that can be used with arrays? Thanks
In validate integer i tried assigning value to $var from form and when number as string is passed it says its not an integer, while as you suggested quoted number is also considered integer...confused
I was wondering, can you combine filtering and sanitize on the same field in an array (such as the $filters array we created here) to use with filter_input_array?
Same question been wondering in my mind that how to sanitize via an array.
Hey Teach, I'm stuck at minute 3. So far so simple, and the code is correct, but when I run this I get a Confirm Form Resubmission and Data Found only from the get go? What the hay? Why doesn't this test conditional work for me?
I assume this does not strip out "illegal" characters and is therefore not a "security" filter.
Brad, I've been following along up to this video. I realize this video is five years old, but could a later version of PHP, in my case PHP 8.0.3, or a later version of XAMPP make the filter function act flaky. I don't think it's XAMPP though, because, although I'm getting better results, I also get inconsistent results when I move the filters.php file to my website hosting server. With XAMPP at first, I was getting a "Forbidden You Don't Haver Permission....yada, yada error. Then I shut down my Apache server and started it up. Now, my html no longer displays. I moved the filters.php file to my webhosting service, the html, form section displays, but I can't clear the "Data found' echo.
Whats happen if i have more than one field and i want to use the filter_has_var in just one type of input ? I had two inputs in my form and this method didnt work once i delete one of them it worked
Also when I do a search for filter_sanitize_email on php.net I get a message that says filter_sanitize_email does not exist. Is this filter maybe deprecated?
biometric fingure print tutorial if you can
How to redirect to form page with error when data is not accepted
make for us a video on creating a login system
Brad can you make a tutorial for sending and receiveinh email through contact form (PHPMailer etc.) please Brad. Thanks
If you had front end JavaScript field validations do you need to then have php validations? In that case do you just need php to sanitize the inputted data and submit the form?
In theory u don't but i found that is a good practice to do. Frontend validation is user side validation and it servs more as information for users about validity od there input so they can pass correct values. Now you can make logici that, for example, disables submit button if input value is wrong. But there should always be a backend validation logic im place, after all i feel lot safer when i know that i have backup in place that is not exposed to user, makes it safer that way 🙂
Code at 3:00. when i run first time it says "no data" as it should but when i click the submit button again without entering anything in text box it displays "data found". is this normal?
FILTER_SANITIZE_EMAIL doesnt remove ? (Question mark)???????
can i implement this on a API CALLS?
isset() (vs) filter_has_var() ?
Please reply to the doubts:
The FILTER_SANITIZE_EMAIL does not remove #,$,* etc....Only removes / and \
Is this the case with someone else?
Pls reply
input:
test//?\\|||.>
Try to validate int when the $var = 0;
i don't know why but filter_var($email, FILTER_SANITIZE_EMAIL) ha no effect, can someone help me?
solved, my input it wasn't the ideal one😂, this piace of code Remove all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].
can please some one tell me how does this work
$filters = array(
"data"=>FILTER_VALIDATE_EMAIL,
"data2"=>array(
"filter"=>FILTER_VALIDATE_INT,
"options"=>array(
"min_range"=>1,
"max_range"=>100
)
)
);
filter_var doesn't sanitize some characters like { } [ ]. Why???
Is there any alternative or solution to this???
i have checked what IS allowed to be put in email adress and you'll be surprised, almost every character..
what is INPUT_POST? is it the same thing as $_POST??
Sounds like a built-in constant that is populated by the $_POST array.
Time = About 8 minutes into the video. Issue = When I use Brad's code, to sanitize the email data, I don't get the same result as Brad. If I enter jp)(*&@gmail)**&.com, then that is my output as well. I don't get jp@gmail.com. So filter_sanitize_email does not strip out the wrong email characters in my case. Not sure what I am doing wrong?
if(filter_has_var(INPUT_POST, 'data')){
$email = $_POST['data'];
//Now remove illegal characters
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
echo $email.'';
if(filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo 'Email is valid';
} else {
echo 'Email is NOT valid';
}
}
Hey, i got this warning:
Warning: filter_var_array(): First argument is expected to be a valid callback in E:\xampp\htdocs\phpsandbox\filters.php on line 77
and i don't know how to solve it. Anyone help? (it's the same code he has)
check you have used option or options??
the problem these tutorials is that there is no conceptual explanation, no talk of how things actually work, just a stream of examples of this and that
time = 11.08 $var='34' is showed that a number.But it's a string. I don't get that?
It knows it is a number and if you want to use it like a number it will let you. You decide. But if you try that in C++, C#, Java etc. It will give you en error.
exactly.. that's why I am confused. Thank you!
Yep. Php is *loosely-typed* language. JavaScript is also. But for example C# is strongly-typed.
Daniella Johansson actually before php I learn c#. btw thanks. seem like you r php ninja coder☺☺😞👏
I was wondering the same thing, and chased down a rabbit hole for a day trying to switch the data type from string to integer.
I love your videos but I don't think setting $_SERVER['PHP_SELF'] is good practice.
Interesting. How so?
@@eduardo_moya I can't remember why, something about Hackability.
I wonder why should you ever use GET is it's so unsafe...
If you want people to share a link then you'd use get e.g.
example.com/products.php?product_id=12
Yeah, its useful for simple searches of something in a catalog, ie, imagine searching for something on wikipedia or Amazon (although I'm not sure if Amazon uses php...)
🤣