PHP Filter Introduction
This PHP filters is used to validate and filter data coming from insecure sources, like user input.
Installation
As of PHP 5.2.0, the filter functions are enabled by default. There is no installation needed to use these functions.
Runtime Configurations
The behavior of these functions is affected by settings in php.ini:
Name | Description | Default | Changeable |
---|---|---|---|
filter.default | Filter all $_GET, $_POST, $_COOKIE, $_REQUEST and $_SERVER data by this filter. Accepts the name of the filter you like to use by default. See the filter list for the list of the filter names | "unsafe_raw" | PHP_INI_PERDIR |
filter.default_flags | Default flags to apply when the default filter is set. This is set to FILTER_FLAG_NO_ENCODE_QUOTES by default for backwards compatibility reasons | NULL | PHP_INI_PERDIR |
PHP 5 Filter Functions
Function | Description |
---|---|
filter_has_var() | Checks if a variable of a specified input type exist |
filter_id() | Returns the filter ID of a specified filter name |
filter_input() | Gets an external variable (e.g. from form input) and optionally filters it |
filter_input_array() | Gets external variables (e.g. from form input) and optionally filters them |
filter_list() | Returns a list of all supported filters |
filter_var_array() | Gets multiple variables and filter them |
filter_var() | Filters a variable with a specified filter |
PHP 5 Predefined Filter Constants
Constant | ID | Description |
---|---|---|
FILTER_VALIDATE_BOOLEAN | 258 | Validates a boolean |
FILTER_VALIDATE_EMAIL | 274 | Validates an e-mail address |
FILTER_VALIDATE_FLOAT | 259 | Validates a float |
FILTER_VALIDATE_INT | 257 | Validates an integer |
FILTER_VALIDATE_IP | 275 | Validates an IP address |
FILTER_VALIDATE_REGEXP | 272 | Validates a regular expression |
FILTER_VALIDATE_URL | 273 | Validates a URL |
FILTER_SANITIZE_EMAIL | 517 | Removes all illegal characters from an e-mail address |
FILTER_SANITIZE_ENCODED | 514 | Removes/Encodes special characters |
FILTER_SANITIZE_MAGIC_QUOTES | 521 | Apply addslashes() |
FILTER_SANITIZE_NUMBER_FLOAT | 520 | Remove all characters, except digits, +- and optionally .,eE |
FILTER_SANITIZE_NUMBER_INT | 519 | Removes all characters except digits and + - |
FILTER_SANITIZE_SPECIAL_CHARS | 515 | Removes special characters |
FILTER_SANITIZE_FULL_SPECIAL_CHARS | ||
FILTER_SANITIZE_STRING | 513 | Removes tags/special characters from a string |
FILTER_SANITIZE_STRIPPED | 513 | Alias of FILTER_SANITIZE_STRING |
FILTER_SANITIZE_URL | 518 | Removes all illegal character from s URL |
FILTER_UNSAFE_RAW | 516 | Do nothing, optionally strip/encode special characters |
FILTER_CALLBACK | 1024 | Call a user-defined function to filter data |