Reinventing the wheel. This is something that programmers do over and over and over again. I have come up with a few hypotheses as to why this is the case:

• Don’t know any better. This is the type of programmer that wants to start writing code right away and doesn’t wonder if a solution already exists.
• Doesn’t trust the “wheel”. This is the person who would rather write something from scratch because they don’t trust anyone else’s code.
• Can’t find the “wheel”. This is when the person takes a quick look (e.g. 1 Google search) and decides they must write it themselves.

I know several people from each of the aforementioned categories. Some are simply clueless with regard to reusability and others just have a hard head. When I first studied software engineering I loved just sitting down with a can of coke and typing as much code as possible, as fast as possible. I remember doing pair programming and having my partner comment “You are typing too fast”, and responding with a clever smile. In University I was even forced to re-implement data structures, such as linked lists, to grasp the basics of how they work. In an educational context I think this is a good idea, but not when you are working for real, i.e. in a real company. In my case, I eventually slowed down my typing and thought through what I wanted to do first, did some research, and then proceeded.

Back to the subject at hand

How many times have you wanted to validate an e-mail address?

How many times have you wanted to sanitize input?

How many times have wanted to validate anything really?

For the first question, my typical thought process would involve thinking which characters are allowed, which are not allowed, determine that a regular expression would be ideal for this situation and google it. I would then check if any PEAR packages can help out, such as Validate. If I was using a framework, such as Zend Framework, I could check out what it offers. For ZF, there are many many classes pertaining to validation and filtering. Meanwhile, our wheel reinventers would start writing a regex, invariably forgetting or simplifying the rules, or ending up with a page long regular expression. For those who Googled say “php email validation”, they are presented with over 1 million results containing spiffy regular expressions.

It gets simpler

Available since PHP 5.1 and bundled in PHP as of 5.2 (late 2006), the PHP Filter extension makes it way simpler. This extension provides several functions that allow you to do two types of filtering: validation and sanitization. Validation can be done on emails, IP’s, URL’s, regex’s, and more. Data can be sanitized based on many filters but most importantly it can be sanitized similarly to htmlentities().

How easy is that? It doesn’t get any easier than that. Actually, it can. Suppose we want to validate our data from HTTP GET or POST:

This extension also supports sanitization of data, e.g. the removal of invalid characters. This is especially useful to prevent XSS attacks and handles character encoding issues fine.

Conclusion

The filter extension provides an easy way to sanitize and validate input. The way it works may not suit everyone’s needs: The default behavior is not what everyone wants and there are quirks. Still, most of the functions allow fine grained option settings (even callbacks), making this extension easy to use yet customizable for specific needs. For some reason I don’t see many people use this extension, let alone know that it exists. For something that’s been bundled with PHP for several years this is unfortunate.

Additional reading on the filter extension: here and here.