MENU
Filter Synopsis
filter_var($m[,$filter[,$options]]) filters a variable with a specified filter. It returns the filtered data, or FALSE if the filter fails. filter_var_array ($arr[,$definition]) filters an array of data. It returns an array containing the filtered variables, which have a value of FALSE on failure.$filter, $options, $definition |
| Validation filters merely checks if the data meets certain qualification. Sanitization filters, on the other hand, may change the data. |
| Validation Filters |
| FILTER_VALIDATE_BOOLEAN flags: FILTER_NULL_ON_FAILURE returns TRUE for “1”,”true”,”on” and “yes”, FALSE otherwise. If FILTER_NULL_ON_FAILURE is set, FALSE is returned only for “0”,”false”,”off”,”no” and “”, and NULL is returned for all non-boolean values. |
| FILTER_VALIDATE_EMAIL |
| FILTER_VALIDATE_FLOAT flags: FILTER_FLAG_ALLOW_THOUSAND options: decimal FILTER_FLAG_ALLOW_THOUSAND allows a comma as a thousands separator in numbers. |
| FILTER_VALIDATE_INT flags: FILTER_FLAG_ALLOW_OCTAL FILTER_FLAG_ALLOW_HEX options: min_range max_range |
| FILTER_VALIDATE_IP flags: FILTER_FLAG_IPV4 FILTER_FLAG_IPV6 FILTER_FLAG_NO_PRIV_RANGE FILTER_FLAG_NO_RES_RANGE validates the value as an IP address, optionally only IPv4 or IPv6 or not from private (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or reserved (0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 224.0.0.0/4) ranges. |
| FILTER_VALIDATE_REGEXP options: regexp |
| FILTER_VALIDATE_URL flags: FILTER_FLAG_PATH_REQUIRED FILTER_FLAG_QUERY_REQUIRED |
| Sanitization Filters |
| FILTER_SANITIZE_EMAIL removes all characters except letters, digits and !#$%&’*+-/=?^_`{|}~@.[]. |
| FILTER_SANITIZE_ENCODED flags: FILTER_FLAG_STRIP_LOW FILTER_FLAG_STRIP_HIGH FILTER_FLAG_ENCODE_LOW FILTER_FLAG_ENCODE_HIGH URL-encodes the string, optionally stripping or encoding special characters. |
| FILTER_SANITIZE_MAGIC_QUOTES applies addslashes(). |
| FILTER_SANITIZE_NUMBER_FLOAT flags: FILTER_FLAG_ALLOW_FRACTION FILTER_FLAG_ALLOW_THOUSAND FILTER_FLAG_ALLOW_SCIENTIFIC removes all characters except digits, +- and optionally .,eE. |
| FILTER_SANITIZE_NUMBER_INT removes all characters except digits, +-. |
| FILTER_SANITIZE_SPECIAL_CHARS flags: FILTER_FLAG_STRIP_LOW FILTER_FLAG_STRIP_HIGH FILTER_FLAG_ENCODE_HIGH HTML-escapes ‘”<>& and characters with an ASCII value less than 32. |
| FILTER_SANITIZE_FULL_SPECIAL_CHARS flags: FILTER_FLAG_NO_ENCODE_QUOTES applies htmlspecialchars() with ENT_QUOTES set. |
| FILTER_SANITIZE_STRING or FILTER_SANITIZE_STRIPPED flags: FILTER_FLAG_NO_ENCODE_QUOTES FILTER_FLAG_STRIP_LOW FILTER_FLAG_STRIP_HIGH FILTER_FLAG_ENCODE_LOW FILTER_FLAG_ENCODE_HIGH FILTER_FLAG_ENCODE_AMP |
| FILTER_SANITIZE_URL removes all characters except letters, digits and $-_.+!*’(),{}|\^~[]`<>#%”;/?:@&=. |
| FILTER_UNSAFE_RAW flags: FILTER_FLAG_STRIP_LOW FILTER_FLAG_STRIP_HIGH FILTER_FLAG_ENCODE_LOW FILTER_FLAG_ENCODE_HIGH FILTER_FLAG_ENCODE_AMP does nothing, optionally stripping or encoding special characters |
| Callback Filter |
| FILTER_CALLBACK options: callable function or method |
For the flags, FILTER_FLAG_STRIP_LOW strips characters that has a numerical value <32. FILTER_FLAG_STRIP_HIGH strips characters that has a numerical value >127. FILTER_FLAG_ENCODE_LOW encodes characters with a numerical value <32. FILTER_FLAG_ENCODE_HIGH encodes characters with a numerical value >127. FILTER_ FLAG_ENCODE_AMP encodes ampersands &.