Filter_var or RegEx?

Orc · 01-08-2008, 11:36 AM

I have been thinking most of the time about Filtering out the Variables or just a Regular Expression for matching different variables like for generally a Membership System with Email.
I want a comparison of Filter_var and RegEx when it comes to matching these vars.

Example of a Filter_Var:

PHP Code:


			
<?php

$filter1=(filter_var('bob@example.com', FILTER_VALIDATE_EMAIL));

$filter2=(filter_var('example.com', FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED));



  if(!$filter) {

     echo 'This email is not valid!';

} else {

  echo 'Well pfft.. It is valid -_-';

}

?>

And thus the hard-coded ways:

PHP Code:


			
            $name = "/^[-!#$%&'*+./0-9=?A-Z^_`{|}~]+";

// http://www.(example).com

            $host = "([-0-9A-Z]+.)+";

// This is extension or a TLD( Top Level Domain ) and it involves the Extension of the Host

            $ext = "([0-9A-Z]){2,4}$/i";

Which is more Powerful, and Effective? Obviously Filter_var is simpler in terms of matching vars.

Karl · 01-08-2008, 11:50 AM

There's no technical reason to my choice, but for sheer simplicity I would say to use filters over regex. I don't see the point in writing regex when you can easily use a pre-made filter. I'd only use regex if a filter is inadequate or doesn't exist.

Orc · 01-08-2008, 11:53 AM

Ah, I thought someone would say something like that! Thanks! :D

Wildhoney · 01-08-2008, 12:50 PM

Another valid point is that people try and tackle regular expressions when they're not fully learned in the subject. I admit, I used to be one of those and I do surmise my older applications are susceptible to regular expression issues.

The very fact that the Filter Vars is an established PHP library would make it beneficial to use above anything else because it will have been thoroughly tested against many various tricks that users may well decide to try.

Salathe · 01-08-2008, 03:04 PM

FILTER_VALIDATE_EMAIL only uses a (PCRE) regular expression to validate the email address anyway: it's important to know what the filter will and will not allow as it may possibly be different from what you're prepared to accept in your application. That said, it's not a part of the PHP core for nothing. The regular expression is the same as used in the PEAR QuickForm Email validation.

FILTER_VALIDATE_URL does a few things, and there are flags to further hone the behaviour of the filter. Firstly, this filter removes any invalid characters (as per the appropriate RFC specs) and if nothing is left (ie, the entire string contained invalid characters!) the validation fails. Next, the string is passed through parse_url. If the string cannot be parsed as an url (including any required parts defined by the flags used, if any), the validation fails. If all goes well, the validation is successful.

Note: A scheme is required (http, mailto, file, etc.). Important, an 'url' such as file://c:/myfile.exe or even (a made up one!) talkphp://salathe/pm will be allowed by this filter.

Summary
The above might come across to the reader as negative towards the filters. I like the filters as another tool available for our use, but to be able to effectively use any tool you really have to know how it works which the post above aimed to inform you about.

With all that said, Wildhoney's latest point about people using regular expressions echoes the idea behind this post. The tools are there to be used, whether you understand how/why/when to use the tool is another matter altogether.