
Input validation vs sanitization in PHP

Introduction

Input validation checks if the data is correct and safe. Sanitization cleans the data to remove bad parts.

When a user submits a form on a website.
When reading data from an external source like a file or API.
Before saving user input to a database.
When displaying user input on a webpage to avoid security risks.
Syntax
PHP
<?php
// Validation example
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    // valid email
}

// Sanitization example
$clean_email = filter_var($email, FILTER_SANITIZE_EMAIL);
?>

Validation filters return the validated value on success and false on failure, so the result can be used as a true/false check (compare against false with !== when a valid value such as 0 could itself be falsy).

Sanitization filters return the cleaned data with unwanted characters removed.

Examples
This checks if the email is in a correct format.
PHP
<?php
$email = "user@example.com";
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Email is valid.";
} else {
    echo "Email is invalid.";
}
?>
This removes invalid characters from the email.
PHP
<?php
$dirty_email = "user<>@example.com";
$clean_email = filter_var($dirty_email, FILTER_SANITIZE_EMAIL);
echo $clean_email;
?>
Checks whether age is an integer. The comparison with false is needed because a valid "0" is returned as the integer 0, which a plain if () would treat as invalid.
PHP
<?php
$age = "25";
// FILTER_VALIDATE_INT returns the integer (possibly 0) or false
if (filter_var($age, FILTER_VALIDATE_INT) !== false) {
    echo "Age is a valid number.";
} else {
    echo "Age is not valid.";
}
?>
Sanitizes the string by encoding HTML special characters to prevent XSS.
PHP
<?php
$dirty_string = "<script>alert('hi');</script>";
$clean_string = filter_var($dirty_string, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
echo $clean_string;
?>
Sample Program

This program shows that validation fails on dirty input and passes once FILTER_SANITIZE_EMAIL has stripped the tag characters. Look closely at what the sanitizer leaves behind: the letter b from each <b> tag is a legal email character and survives, so the "clean" address is buser@example.comb, not the address the user typed. This is why rejecting invalid input is usually safer than trying to repair it.

PHP
<?php
// Sample program showing validation and sanitization
$user_input = "<b>user@example.com</b>";

// Validate email (fails because of the tags)
if (filter_var($user_input, FILTER_VALIDATE_EMAIL) !== false) {
    echo "Valid email: $user_input";
} else {
    echo "Invalid email before sanitization.\n";
}

// Sanitize email: FILTER_SANITIZE_EMAIL strips characters that cannot appear
// in an address (< > /) but keeps the letter "b" from each tag, so the
// result is "buser@example.comb"
$clean_input = filter_var($user_input, FILTER_SANITIZE_EMAIL);
echo "Sanitized email: $clean_input\n";

// Validate again after sanitization (passes, although the address was altered)
if (filter_var($clean_input, FILTER_VALIDATE_EMAIL) !== false) {
    echo "Valid email after sanitization.";
} else {
    echo "Still invalid after sanitization.";
}
?>
Important Notes

Validate first: check whether the input is correct and reject it if it is not.

Sanitize (or escape) to clean data before using, storing or displaying it, and match the cleaning to where the data goes, for example HTML encoding for output to a webpage.

Validation and sanitization together help keep data safe and correct.
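As an added example (not code from the original page), the validate-then-escape approach applied to a small signup form; validateSignup(), h() and the $form sample are assumed names and constructed input:

```php
<?php
// Added example, not from the original page: validate each field and reject
// what fails, then escape only at the point of output. $form is constructed.
// Returns [errors, clean values] for a signup form.
function validateSignup(array $form): array
{
    $errors = [];
    $clean  = [];
    // FILTER_VALIDATE_EMAIL returns the address or false: compare with === false.
    $email = filter_var($form['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'Enter a valid email address.';
    } else {
        $clean['email'] = $email;
    }
    // FILTER_VALIDATE_INT returns the integer or false. "0" becomes int 0, which
    // is falsy, so a plain if () would wrongly reject it; options add a range.
    $age = filter_var($form['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number between 0 and 120.';
    } else {
        $clean['age'] = $age;
    }
    // Free text has no format to validate: bound its length, keep it raw, and
    // escape it for HTML only when it is rendered.
    $name = trim($form['name'] ?? '');
    if ($name === '' || strlen($name) > 50) {
        $errors['name'] = 'Name must be 1 to 50 bytes.';
    } else {
        $clean['name'] = $name;
    }
    return [$errors, $clean];
}

// Output-time escaping for HTML text and attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample: tags around the address, age "0", markup in the name.
$form = ['email' => '<b>user@example.com</b>', 'age' => '0',
         'name' => "<script>alert('hi')</script>Ann"];
[$errors, $clean] = validateSignup($form);
foreach ($errors as $field => $msg) {
    echo "$field: $msg\n";              // rejected fields are reported, not repaired
}
echo 'Age stored as ', var_export($clean['age'] ?? null, true), "\n";
echo '<p>Welcome, ', h($clean['name'] ?? ''), "</p>\n";   // markup is escaped, not executed
```

The email is rejected rather than turned into a different address, the age 0 is accepted despite being falsy, and the name reaches the page with its markup encoded as text.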

Summary

Validation checks if input is correct and safe.

Sanitization cleans input by removing bad parts.

Use both to protect your program from bad or harmful data.