
PHP are patterns still necessary or does filter_var take care of it all


As I was reading an article this morning I came across this

Most people tend to think of data validation as an immensely tedious process where one either:

    1. Compares the data they want to validate against every possible combination they can think of.
    2. Tries to find a golden Regular Expression that will match every possible combination.
    3. A combination of the two.

There are obvious problems with the above listed:

    1. It's absolutely time consuming.
    2. There is a very high chance of error.

Fortunately, beginning with version 5.2, PHP has included a great function called filter_var that takes away the pain of data validation.

Are patterns still necessary or does filter_var just do it all?


Solution

  • If by patterns you mean regular expressions, then the answer to your question is yes. Why? The built-in filters may not sanitize or validate your data exactly how you want. The filters may be overly broad, or they may conform too rigidly to standards for your particular circumstance. The filters may not actually conform to standards at all.

    For example, FILTER_SANITIZE_EMAIL and FILTER_VALIDATE_EMAIL might allow strange email addresses that, while technically legal in the RFC sense, may be undesirable depending on your needs. It is up to you as the developer, the creator of your application, to decide what you really want to accept for an e-mail address.

    The PHP filter creators understood that one size fits all is an impractical proposition. Therefore, you can supply your own sanitizing/validating filter with FILTER_CALLBACK and your own validating filter using FILTER_VALIDATE_REGEXP. Are we back at square one? Are we better off?

    The real question is: are you willing to buy in and accept the "filtering framework/methodology" established by the PHP filter system? Do I? I use their filter system as a first pass, then I use my own carefully crafted sanitizers and validators (yes, I use both FILTER_CALLBACK and FILTER_VALIDATE_REGEXP on top of the generic sanitizers/validators). This is especially true for me when processing HTML forms, as I no longer use $_POST and $_GET. I use filter_input_array().

    So, Mr. Smithyyy, don't reinvent the wheel, but do think for yourself. The key to using the PHP filter system is to create a system, and for some (like me) that means wrapping the filter functions in a class. Using various class properties that might store predefined filters, one could imagine a system where various methods, using loops, filter all your data, leaving you with the final output of a good array, or a bad one (which you can take action on, based on your particular circumstance). But, as Mr. Wall of the Perl community notes, "There's more than one way to do it."
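The two-pass layout the answer describes, with the generic PHP filters as a first pass and FILTER_VALIDATE_REGEXP / FILTER_CALLBACK as the application's own second pass, wrapped in a class that ends with a "good" array and a "bad" array, written out as an added PHP example. This is not code from the answer or from PHP's documentation; the FormFilter class, the field names, the own-domain e-mail rule and the reserved-name list are assumptions made for the illustration, and the input array is constructed to stand in for $_POST.

```php
<?php
declare(strict_types=1);

// Hypothetical wrapper (not from the answer): built-in filters run as pass 1,
// the application's own FILTER_VALIDATE_REGEXP / FILTER_CALLBACK rules as pass 2.
final class FormFilter
{
    /** @var array<string, mixed> filter_var_array() definition for pass 1 */
    private array $firstPass;
    /** @var array<string, array> per-field 'filter' / 'options' / 'flags' for pass 2 */
    private array $secondPass;

    public function __construct(array $firstPass, array $secondPass = [])
    {
        $this->firstPass  = $firstPass;
        $this->secondPass = $secondPass;
    }

    /** Returns ['good' => [field => value], 'bad' => [field => reason]]. */
    public function run(array $input): array
    {
        $good = [];
        $bad  = [];

        // Pass 1: generic filters. With add_empty = true a missing field comes
        // back as null and a failed validation as false.
        $filtered = filter_var_array($input, $this->firstPass, true);

        foreach (array_keys($this->firstPass) as $field) {
            $value = $filtered[$field] ?? null;
            if ($value === null) {
                $bad[$field] = 'missing';
                continue;
            }
            if ($value === false) {
                $bad[$field] = 'rejected by built-in filter';
                continue;
            }

            // Pass 2: the application's own rule, layered on the first result.
            if (isset($this->secondPass[$field])) {
                $spec  = $this->secondPass[$field];
                $opts  = array_intersect_key($spec, ['options' => 1, 'flags' => 1]);
                $value = filter_var($value, $spec['filter'], $opts);
                if ($value === false || $value === null) {
                    $bad[$field] = 'rejected by application rule';
                    continue;
                }
            }
            $good[$field] = $value;
        }

        return ['good' => $good, 'bad' => $bad];
    }
}

$firstPass = [
    'email'    => FILTER_VALIDATE_EMAIL,
    'age'      => ['filter'  => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 18, 'max_range' => 120]],
    'username' => FILTER_UNSAFE_RAW,   // accepted as-is here; pass 2 decides
];

$secondPass = [
    // Assumed business rule: only addresses on the site's own domain.
    'email'    => ['filter'  => FILTER_VALIDATE_REGEXP,
                   'options' => ['regexp' => '/@example\.com$/i']],
    // Callback: normalise, enforce a strict shape, refuse reserved names.
    'username' => ['filter'  => FILTER_CALLBACK,
                   'options' => static function (string $raw) {
                       $name = strtolower(trim($raw));
                       if (!preg_match('/^[a-z][a-z0-9_]{2,15}$/', $name)) {
                           return false;
                       }
                       return in_array($name, ['admin', 'root', 'system'], true) ? false : $name;
                   }],
];

// Constructed sample input, standing in for $_POST.
$sampleInput = [
    'email'    => 'alice@gmail.com', // passes FILTER_VALIDATE_EMAIL, not our domain
    'age'      => '17',              // a valid int, but below min_range
    'username' => '  Bob_99 ',       // normalised by the callback
];

$result = (new FormFilter($firstPass, $secondPass))->run($sampleInput);
var_export($result);
```

Run on the sample above, the e-mail address is stopped by the application's regexp rather than by the built-in filter, the age is stopped by the built-in range check, and only the normalised username lands in the good array. In a real form handler the constructed array would be replaced by $_POST, or the first pass by filter_input_array(INPUT_POST, $firstPass) as the answer does; the second pass works the same way on whatever the first pass returns.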