This PHP filters is used to validate and filter data coming from insecure sources, like user input.
As of PHP 5.2.0, the filter functions are enabled by default. There is no installation needed to use these functions.
The behavior of these functions is affected by settings in php.ini:
Name | Description | Default | Changeable |
---|---|---|---|
filter.default | Filter all $_GET, $_POST, $_COOKIE, $_REQUEST and $_SERVER data by this filter. Accepts the name of the filter you like to use by default. See the filter list for the list of the filter names | "unsafe_raw" | PHP_INI_PERDIR |
filter.default_flags | Default flags to apply when the default filter is set. This is set to FILTER_FLAG_NO_ENCODE_QUOTES by default for backwards compatibility reasons | NULL | PHP_INI_PERDIR |
Function | Description |
---|---|
filter_has_var() | Checks if a variable of a specified input type exist |
filter_id() | Returns the ID number of a specified filter |
filter_input() | Get input from outside the script and filter it |
filter_input_array() | Get multiple inputs from outside the script and filters them |
filter_list() | Returns an array of all supported filters |
filter_var_array() | Get multiple variables and filter them |
filter_var() | Get a variable and filter it |
Validate Filters:
ID Name | Description |
---|---|
FILTER_VALIDATE_BOOLEAN | Return TRUE for "1", "true", "on" and "yes", FALSE for "0", "false", "off", "no", and "", NULL otherwise |
FILTER_VALIDATE_EMAIL | Validate value as e-mail |
FILTER_VALIDATE_FLOAT | Validate value as float |
FILTER_VALIDATE_INT | Validate value as integer, optionally from the specified range |
FILTER_VALIDATE_IP | Validate value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges |
FILTER_VALIDATE_REGEXP | Validate value against regexp, a Perl-compatible regular expression |
FILTER_VALIDATE_URL | Validate value as URL, optionally with required components |
Sanitize Filters:
ID Name | Description |
---|---|
FILTER_SANITIZE_EMAIL | Remove all characters, except letters, digits and !#$%&'*+-/=?^_`{|}~@.[] |
FILTER_SANITIZE_ENCODED | URL-encode string, optionally strip or encode special characters |
FILTER_SANITIZE_MAGIC_QUOTES | Apply addslashes() |
FILTER_SANITIZE_NUMBER_FLOAT | Remove all characters, except digits, +- and optionally .,eE |
FILTER_SANITIZE_NUMBER_INT | Remove all characters, except digits and +- |
FILTER_SANITIZE_SPECIAL_CHARS | HTML-escape '"<>& and characters with ASCII value less than 32 |
FILTER_SANITIZE_FULL_SPECIAL_CHARS | |
FILTER_SANITIZE_STRING | Strip tags, optionally strip or encode special characters |
FILTER_SANITIZE_STRIPPED | Alias of "string" filter |
FILTER_SANITIZE_URL | Remove all characters, except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&= |
FILTER_UNSAFE_RAW | Do nothing, optionally strip or encode special characters |
Other Filters:
ID Name | Description |
---|---|
FILTER_CALLBACK | Call a user-defined function to filter data |