mahen3d

Reputation: 7754

What is the best generic class or package to use for input validation?

What is the best, most secure, user-friendly and easy-to-use validator class or plugin we can use in PHP coding to validate common user inputs like e-mail addresses, URLs, integers, etc.?

e.g. http://code.google.com/p/owasp-esapi-php/. Is there a better way?

Or is using filter_input the best way? e.g.

$value = filter_input(INPUT_GET, "value", FILTER_VALIDATE_INT,
        array("options" => array("min_range" => 15, "max_range" => 20)));

Or custom coding? e.g.

if (isset($_GET["value"])) {
    $value = $_GET["value"];
}
else {
    $value = false;
}
if (is_numeric($value) && ($value >= 15 && $value <= 20)) {
    // run my code
}
else {
    // handle the issue
}

Any expert views on this? I prefer a lazy style, like:

filter_input($POST);

Is there something like that?

Upvotes: 2

Views: 648

Answers (2)

Ja͢ck

Reputation: 173642

If input validation was one-size-fits-all, there would be a whole lot less XSS and SQLi attacks :)

It's good practice to set up explicit rules using either filter (the advantage is that it ships with PHP) or a similar third-party library (filter does have some quirks). Rules can be reused when you use them in array syntax (like filter_input_array or filter_var_array) for those that are used more often (custom regex, etc.).

Compared to custom coding, using a filter library reduces code and therefore potential bugs.

Upvotes: 0
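
The array-syntax rules mentioned in the answer above, as an added example that is not part of the original answer. The field names, the regex and the `validate()` helper are hypothetical; `filter_var_array` runs on a constructed array so the script works from the CLI, and `filter_input_array(INPUT_POST, SIGNUP_RULES)` accepts the same rule array for real request data.

```php
<?php
// Added example: one reusable rule set (hypothetical field names).
const SIGNUP_RULES = [
    'email' => FILTER_VALIDATE_EMAIL,
    'site'  => FILTER_VALIDATE_URL,
    'value' => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 15, 'max_range' => 20],
    ],
    'code'  => [
        'filter'  => FILTER_VALIDATE_REGEXP,
        'options' => ['regexp' => '/^[A-Z]{3}-\d{4}$/D'],
    ],
];

/**
 * Validate $input against $rules (allow-list: only keys in $rules survive).
 * Returns [clean values, errors keyed by field name].
 */
function validate(array $input, array $rules): array
{
    // add_empty = true: keys missing from $input come back as null,
    // values that fail their filter come back as false.
    $result = filter_var_array($input, $rules, true);
    $clean = [];
    $errors = [];
    foreach ($result as $field => $value) {
        if ($value === null) {
            $errors[$field] = 'missing';
        } elseif ($value === false) {
            $errors[$field] = 'invalid';
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_GET / $_POST.
$sample = [
    'email' => 'user@example.com',
    'site'  => 'not a url',
    'value' => '17',
    'extra' => '<script>',   // not in the rules, so it is dropped
];

[$clean, $errors] = validate($sample, SIGNUP_RULES);
var_dump($clean);   // email as string, value cast to int
var_dump($errors);  // site => invalid, code => missing
```

The strict `=== false` check only works for filters that never return `false` as a valid value; a `FILTER_VALIDATE_BOOLEAN` rule needs the `FILTER_NULL_ON_FAILURE` flag and its own handling.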

Tomasz Kowalczyk

Reputation: 10467

If you're not familiar with such libraries it may not be user- (developer-) friendly, but I think you should really look at the Symfony2 Validator Component. It is easily installed through Composer, can be used standalone and has excellent documentation here: http://symfony.com/doc/current/book/validation.html. The GitHub repository can be found here: https://github.com/symfony/Validator.

Upvotes: 1
