Hey everybody, this is Brian, and welcome to the 45th LAMP tutorial. Man, you know, I have tried recording this video like a dozen times and every time I get interrupted: either the phone rings or the cat projectile vomits, and I'm not going to go into details, it was pretty gross. So let's hope we can actually get this video done and posted on YouTube.

So what we're going to talk about today is validating and sanitizing user input. What do I mean by that? You see we have a form here, a pretty simple form actually. You see it down here: we just have, you know, "Enter your email address", and when you type something and we submit our query it just says "You entered" with whatever you entered. Not hard to figure out, pretty simple, and you see how we're just using a normal $_POST variable to get it and then "You entered blah blah blah". Well, the problem is: email, I entered "LOL". "LOL" is not a valid email. Actually, we could enter just about anything we wanted into this and, you know, it just does it.

So how do you validate that the data is correct? Well, let's try this: filter_var, "var" short for variable, and then we want the actual variable, and we said $user, and then we need an actual filter. You see how it's saying "long filter"? Well, you guys, it's just an array item. So, different types of PHP filters: you see how they're sanitize and validate. Let's see, filter sanitize or validate. Well, sanitize is when you are actually changing the data, and we'll get to that in a minute, but validate's really what we want. You see there's a bunch of them, so many that we could probably do another 50 videos just on these, but we're not going to because it's a pretty simple topic. So you say if filter_var, the variable, and then the filter we're using, and then we're just going to echo out "valid email", and we're going to just throw an else in here.

I think this video is cursed. My cat's over here playing with something and I know he's going to rip the cord of my microphone out.
He's got me so nervous I can't even type. Kitty, knock it off.

Alright, so we're just going to repost the same data and it says "invalid email", because that's not a valid email. So let's try my email address: "valid email". Now, how does it determine a valid email? Well, it follows the structure: it has a somebody at something dot something. For example, we could say me@home.com. Not even sure if that's valid. See what it says: "valid email". Now, when we say valid, it's not checking to see if it's actually a valid email, meaning somebody's going to actually read the email; it's checking to see if the structure of the data is valid. It could be a valid email. For example, let's try this: "Brian", space, "@", space, "something", space, ".com". Actually, let's put an exclamation in there. Looks like it could be kind of an email address, but no, it's not valid, because it has spaces, has a special character, things of that nature.

So what we're going to do here is we're going to try to sanitize it, and when we say sanitize, what we're saying is we're actually going to try to fix the problem. The user entered something, maybe they goofed something up, and we're going to try and recover it. So we're just going to say $san = filter_var, and you guessed it, we need a filter. So we're going to go out to our filter list here and look for, let's see, we've got sanitize email, here we go, and it says it removes all special characters except letters, digits and those guys. So let's actually grab that, go back out here, and let's echo this out. Alright, so we're just going to print this out here, we're going to repost the same data, and you see how it says the sanitized version is Brian@something!.com. Still not perfect, but you can see how it's stripping out special characters. So if they did like "bcairns", space on accident, "@voidrealms.com", it will actually try to sanitize that; it'll actually correct minor mistakes. So that's the difference between validating and sanitizing data.

It's pretty important. You should always sanitize and validate your data, because let's say you're working with a database. We haven't quite gotten there yet, but let's say we type in something like this: "drop table users". What that would be, and now this is my disclaimer: this is not a valid SQL injection attack, and don't you ever try to do this on anybody's website because it's illegal. But what this would essentially do is it would go out to the database and say, "Do you have a table named users? If so, delete it." That would be catastrophic for a website. So if somebody typed that into your website and hit submit, "You entered blah", well, that would actually execute the statement rather than just sanitize it. So it's something you should be aware of and something you should definitely do in practice.

In the real world you would use a PHP framework, which I'm really debating on: should we or should we not cover a framework? It's going to be a massive tutorial series if we do that. I mean, we'll probably be rivaling the Qt series, where we'll have hundreds of videos, but I'm open to suggestions. I was actually looking at Yii. Yii, let's go out here and look at this thing. Kind of getting off base here. PHP Yii... was looking at different PHP frameworks... Yii PHP framework. Ah, there it is. Oh come on, how embarrassing: "server not found". Really? Wonder if my internet connection died or it's my virtual machine being goofy. Anyways, what a framework will give you is... yeah, there is the framework. This is supposedly the best framework out there right now, and what a framework will really do for you is it will make your coding lightning fast, because there's already a massive code base written for you. You just have to know how to use it, and that's the trick with frameworks. But wrapping it back into filters, it will have the filters already built in, so whenever you're accessing the database it'll filter and sanitize the data for you, so you don't have to worry about it.

So, some other things we should really touch on here. Let me scroll through my notes... to do... oh yes.
Let's kind of do something similar here. Let's comment this out. I want to show an alternate way of doing this, just real quick and simple. What we're gonna do is say if filter_has_var, and then we're gonna say INPUT, whoops, POST, because we're posting the data from the form, and then we're going to say "email". Now, where do we get "email" from? We're getting it from the name of this input, so that's where we're getting that. So we're saying if filter_has_var from INPUT_POST, and it should be named "email", ta-da, then do something. And then we'll just... actually, let's actually just type it out: if filter_input, I say FILTER_VALIDATE_EMAIL.

If you're wondering what we're doing, we're accomplishing the same thing, but instead of actually getting the variable manually, you can actually do it through this filter_has_var and then filter_input, and then give it the INPUT_POST and it'll extract it for you. And then we can just say "valid email" or "invalid email". Let's resend this and it should... yeah, "invalid email". So let's type a valid email in there: "valid email". So it does essentially the same thing, but instead of you having to extract this, whoops, commented out the wrong thing here, instead of you having to extract the variable yourself, it does it for you automatically. Now, if you wanted to get at that variable, you'd have to actually go out and then, you know, pull it out through the $_POST variable.

So that's all for this tutorial. I know I babbled a little bit. If you guys are interested in learning the Yii framework, I'm game. I actually have a massive project I'm working on; that's part of why I'm teaching myself PHP. So if you're interested in learning a framework, I'd be interested in learning it and teaching it, so let me know. That's all, thanks for watching.
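
The sanitize-then-validate flow described in the video, as an added example that is not the code shown on screen: it runs the two email filters over constructed sample inputs and stores accepted values through a bound PDO parameter, which goes one step beyond the video, because an address can pass validation and still contain a quote. The function name clean_email, the sample inputs, the in-memory SQLite table and the availability of pdo_sqlite are assumptions.

```php
<?php
declare(strict_types=1);

// Sanitize first, then validate. Returns the cleaned address, or null
// when even the cleaned value is not structurally an email address.
function clean_email(string $raw): ?string
{
    // Removes every character outside the set the filter allows (spaces go).
    $san = filter_var(trim($raw), FILTER_SANITIZE_EMAIL);
    // Checks structure only, not whether anyone reads the mailbox.
    $ok = filter_var($san, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// In the form handler the raw value would come from the POST body:
//   $raw = filter_has_var(INPUT_POST, 'email')
//        ? (string) filter_input(INPUT_POST, 'email') : '';
// Constructed sample inputs so the script runs from the command line.
$samples = [
    'LOL',
    'me@home.com',
    'brian @ something !.com',
    'user @example.com',
    'drop table users',
    "o'brien@example.com", // apostrophe is legal in an address local part
];

// Assumption: pdo_sqlite is installed; the in-memory table is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (email) VALUES (:email)');

foreach ($samples as $raw) {
    $email = clean_email($raw);
    if ($email === null) {
        printf("%-28s rejected\n", var_export($raw, true));
        continue;
    }
    // Bound parameter: the value travels as data and is never parsed as SQL,
    // so a quote that survives validation cannot change the statement.
    $insert->execute([':email' => $email]);
    printf("%-28s stored as %s\n", var_export($raw, true), $email);
}

$count = (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
printf("rows in users: %d\n", $count);
```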