This site is mobile accessible. Press the "Tap Here" button to use a different font-size.


Smartphone icons created by Freepik - Flaticon

  • PHP Filter Functions

  • PHP Filter Introduction

    This PHP filters is used to validate and filter data coming from insecure sources, like user input.

    Installation

    From PHP 5.2.0, the filter functions are enabled by default. There is no installation needed to use these functions.

    Runtime Configurations

    The behavior of these functions is affected by settings in php.ini:

    Name Description Default Changeable
    filter.default Filter all $_GET, $_POST, $_COOKIE, $_REQUEST and $_SERVER data by this filter. Accepts the name of the filter you like to use by default. See the filter list for the list of the filter names "unsafe_raw" PHP_INI_PERDIR
    filter.default_flags Default flags to apply when the default filter is set. This is set to FILTER_FLAG_NO_ENCODE_QUOTES by default for backwards compatibility reasons NULL PHP_INI_PERDIR

    PHP Filter Functions

    Function Description
    filter_has_var() Checks whether a variable of a specified input type exist
    filter_id() Returns the filter ID of a specified filter name
    filter_input() Gets an external variable (e.g. from form input) and optionally filters it
    filter_input_array() Gets external variables (e.g. from form input) and optionally filters them
    filter_list() Returns a list of all supported filter names
    filter_var() Filters a variable with a specified filter
    filter_var_array() Gets multiple variables and filter them

    PHP Predefined Filter Constants

    Constant Description
    INPUT_POST POST variables
    INPUT_GET GET variables
    INPUT_COOKIE COOKIE variables
    INPUT_ENV ENV variables
    INPUT_SERVER SERVER variables
    FILTER_DEFAULT Do nothing, optionally strip/encode special characters. Equivalent to FILTER_UNSAFE_RAW
    FILTER_FLAG_NONE Allows no flags
    FILTER_FLAG_ALLOW_OCTAL Only for inputs that starts with a zero (0) as octal numbers. This only allows the succeeding digits to be 0-7
    FILTER_FLAG_ALLOW_HEX Only for inputs that starts with 0x/0X as hexadecimal numbers. This only allows succeeding characters to be a-fA-F0-9
    FILTER_FLAG_STRIP_LOW Strip characters with ASCII value lower than 32
    FILTER_FLAG_STRIP_HIGH Strip characters with ASCII value greater than 127
    FILTER_FLAG_ENCODE_LOW Encode characters with ASCII value lower than 32
    FILTER_FLAG_ENCODE_HIGH Encode characters with ASCII value greater than 127
    FILTER_FLAG_ENCODE_AMP Encode &
    FILTER_FLAG_NO_ENCODE_QUOTES Do not encode ' and "
    FILTER_FLAG_EMPTY_STRING_NULL Not in use
    FILTER_FLAG_ALLOW_FRACTION Allows a period (.) as a fractional separator in numbers
    FILTER_FLAG_ALLOW_THOUSAND Allows a comma (,) as a thousands separator in numbers
    FILTER_FLAG_ALLOW_SCIENTIFIC Allows an e or E for scientific notation in numbers
    FILTER_FLAG_PATH_REQUIRED The URL must contain a path part
    FILTER_FLAG_QUERY_REQUIRED The URL must contain a query string
    FILTER_FLAG_IPV4 Allows the IP address to be in IPv4 format
    FILTER_FLAG_IPV6 Allows the IP address to be in IPv6 format
    FILTER_FLAG_NO_RES_RANGE Fails validation for the reserved IPv4 ranges: 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8 and 240.0.0.0/4, and for the reserved IPv6 ranges: ::1/128, ::/128, ::ffff:0:0/96 and fe80::/10
    FILTER_FLAG_NO_PRIV_RANGE Fails validation for the private IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, and for the IPv6 addresses starting with FD or FC
    FILTER_FLAG_EMAIL_UNICODE Allows the local part of the email address to contain Unicode characters
    FILTER_REQUIRE_SCALAR The value must be a scalar
    FILTER_REQUIRE_ARRAY The value must be an array
    FILTER_FORCE_ARRAY Treats a scalar value as array with the scalar value as only element
    FILTER_NULL_ON_FAILURE Return NULL on failure for unrecognized boolean values
    FILTER_VALIDATE_BOOLEAN Validates a boolean
    FILTER_VALIDATE_EMAIL Validates value as a valid e-mail address
    FILTER_VALIDATE_FLOAT Validates value as float
    FILTER_VALIDATE_INT Validates value as integer
    FILTER_VALIDATE_IP Validates value as IP address
    FILTER_VALIDATE_MAC Validates value as MAC address
    FILTER_VALIDATE_REGEXP Validates value against a regular expression
    FILTER_VALIDATE_URL Validates value as URL
    FILTER_SANITIZE_ADD_SLASHES Added as a replacement for FILTER_SANITIZE_MAGIC_QUOTES
    FILTER_SANITIZE_EMAIL Removes all illegal characters from an e-mail address
    FILTER_SANITIZE_ENCODED Removes/Encodes special characters
    FILTER_SANITIZE_MAGIC_QUOTES Apply addslashes(). Deprecated in PHP 7.3.0 and removed in PHP 8.0.0
    FILTER_SANITIZE_NUMBER_FLOAT Remove all characters, except digits, +- signs, and optionally .,eE
    FILTER_SANITIZE_NUMBER_INT Removes all characters except digits and + - signs
    FILTER_SANITIZE_SPECIAL_CHARS Removes special characters
    FILTER_SANITIZE_STRING Removes tags/special characters from a string. Deprecated in PHP 8.1.0
    FILTER_SANITIZE_STRIPPED Alias of FILTER_SANITIZE_STRING. Deprecated in PHP 8.1.0
    FILTER_SANITIZE_URL Removes all illegal character from a URL
    FILTER_UNSAFE_RAW Do nothing, optionally strip/encode special characters
    FILTER_CALLBACK Call a user-defined function to filter data
    Navigate this PHP reference guide

    Eventually the navigation links, above, will be replaced by these << (previous) and >> (next) buttons below.



    Animated PHP icons used in the buttons provided by ICONS8.COM. Smartphone icons created by Freepik - Flaticon

    PHP Quiz