= PHP_5_2_0, PHP_7, PHP_8 // filter_id() - PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // filter_input_array() - PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // filter_input() - PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // filter_list() - PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // filter_var_array() - PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // filter_var() - PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // ============================== USING CLASSES (0) // ============================== USING DATA_TYPES (7) // bool // int // string // false // array // null // mixed // ============================== END // REQUIREMENTS // ============================== // ============================== BEGIN // PHP_VARIABLE_FILTER // ============================== ABOUT // PHP Manual / Function Reference / Variable and Type Related Extensions / Filter - Data Filtering // URL: https://www.php.net/manual/en/book.filter.php // ============================== DESCRIPTION // DATA_FILTERING // // DATA_FILTERING - BEGIN // Data Filtering // // INTRODUCTION // INSTALLING_CONFIGURING // TYPES_OF_FILTERS // PREDEFINED_CONSTANTS // EXAMPLES // FILTER_FUNCTIONS // // INTRODUCTION - BEGIN // Introduction // // This extension filters data by either validating or sanitizing it. This is especially useful when the data source contains unknown (or foreign) data, like user supplied input. For example, this data may come from an HTML form. // There are two main types of filtering: validation and sanitization. // Validation is used to validate or check if the data meets certain qualifications. For example, passing in FILTER_VALIDATE_EMAIL will determine if the data is a valid email address, but will not change the data itself. // Sanitization will sanitize the data, so it may alter it by removing undesired characters. For example, passing in FILTER_SANITIZE_EMAIL will remove characters that are inappropriate for an email address to contain. That said, it does not validate the data. // Flags are optionally used with both validation and sanitization to tweak behaviour according to need. For example, passing in FILTER_FLAG_PATH_REQUIRED while filtering an URL will require a path (like /foo in http://example.org/foo) to be present. // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/intro.filter.php // INTRODUCTION - END // // INSTALLING_CONFIGURING - BEGIN // Installing/Configuring // // REQUIREMENTS // INSTALLATION // RUNTIME_CONFIGURATION // RESOURCE_TYPES // // REQUIREMENTS - BEGIN // Requirements // // No external libraries are needed to build this extension. // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.requirements.php // REQUIREMENTS - END // // INSTALLATION - BEGIN // Installation // // This extension is enabled by default. It may be disabled by using the following option at compile time: --disable-filter // // ===== LITERATURE_SOURCES // * PHP_NET (2024-01-22) // URL: https://www.php.net/manual/en/filter.installation.php // INSTALLATION - END // // RUNTIME_CONFIGURATION - BEGIN // Runtime Configuration // // The behaviour of these functions is affected by settings in php.ini. // // Filter Configuration Options // Name | Default | Changeable | Changelog // filter.default | "unsafe_raw" | PHP_INI_PERDIR | Deprecated as of PHP 8.1.0. // filter.default_flags | NULL | PHP_INI_PERDIR | // // For further details and definitions of the PHP_INI_* modes, see the Where a configuration setting may be set. // Here's a short explanation of the configuration directives. // // filter.default string - Filter all $_GET, $_POST, $_COOKIE, $_REQUEST and $_SERVER data by this filter. Original data can be accessed through filter_input(). // Accepts the name of the filter you like to use by default. See the existing filter list for the list of the filter names. // Note: // Be careful about the default flags for the default filters. You should explicitly set them to the value you want. For example, to configure the default filter to behave exactly like htmlspecialchars() you need to set them default flags to 0 as shown below. // [example] // Example #1 Configuring the default filter to act like htmlspecialchars // [code] // filter.default = full_special_chars // filter.default_flags = 0 // [/code] // [/example] // filter.default_flags int - Default flags to apply when the default filter is set. This is set to FILTER_FLAG_NO_ENCODE_QUOTES by default for backwards compatibility reasons. See the flag list for the list of all the flag names. // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.configuration.php // RUNTIME_CONFIGURATION - END // // RESOURCE_TYPES - BEGIN // Resource Types // // This extension has no resource types defined. // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.resources.php // RESOURCE_TYPES - END // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.setup.php // INSTALLING_CONFIGURING - END // // TYPES_OF_FILTERS - BEGIN // Types of filters // // VALIDATE_FILTERS // SANITIZE_FILTERS // OTHER_FILTERS // FILTER_FLAGS // // VALIDATE_FILTERS - BEGIN // Validate filters // // Listing of filters for validation // ID (Name) - Options ; Flags ; Description // FILTER_VALIDATE_BOOLEAN, FILTER_VALIDATE_BOOL ("boolean") - default ; FILTER_NULL_ON_FAILURE ; // Returns true for "1", "true", "on" and "yes". Returns false otherwise. // If FILTER_NULL_ON_FAILURE is set, false is returned only for "0", "false", "off", "no", and "", and null is returned for all non-boolean values. // String values are trimmed using trim() before comparison. // FILTER_VALIDATE_DOMAIN ("validate_domain") - default ; FILTER_FLAG_HOSTNAME, FILTER_NULL_ON_FAILURE ; // Validates whether the domain name label lengths are valid. // Validates domain names against RFC 1034, RFC 1035, RFC 952, RFC 1123, RFC 2732, RFC 2181, and RFC 1123. Optional flag FILTER_FLAG_HOSTNAME adds ability to specifically validate hostnames (they must start with an alphanumeric character and contain only alphanumerics or hyphens). // FILTER_VALIDATE_EMAIL ("validate_email") - default ; FILTER_FLAG_EMAIL_UNICODE, FILTER_NULL_ON_FAILURE ; // Validates whether the value is a valid e-mail address. // In general, this validates e-mail addresses against the addr-specsyntax in > RFC 822, with the exceptions that comments and whitespace folding and dotless domain names are not supported. // FILTER_VALIDATE_FLOAT ("float") - default, decimal, min_range, max_range ; FILTER_FLAG_ALLOW_THOUSAND, FILTER_NULL_ON_FAILURE ; // Validates value as float, optionally from the specified range, and converts to float on success. // String values are trimmed using trim() before comparison. // FILTER_VALIDATE_INT ("int") - default, min_range, max_range ; FILTER_FLAG_ALLOW_OCTAL, FILTER_FLAG_ALLOW_HEX, FILTER_NULL_ON_FAILURE ; // Validates value as integer, optionally from the specified range, and converts to int on success. // String values are trimmed using trim() before comparison. // FILTER_VALIDATE_IP ("validate_ip") - default ; FILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE, FILTER_FLAG_GLOBAL_RANGE, FILTER_NULL_ON_FAILURE ; Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges. // FILTER_VALIDATE_MAC ("validate_mac_address") - default ; FILTER_NULL_ON_FAILURE ; Validates value as MAC address. // FILTER_VALIDATE_REGEXP ("validate_regexp") - default, regexp ; FILTER_NULL_ON_FAILURE ; Validates value against regexp, a Perl-compatible regular expression. // FILTER_VALIDATE_URL ("validate_url") - default ; FILTER_FLAG_SCHEME_REQUIRED, FILTER_FLAG_HOST_REQUIRED, FILTER_FLAG_PATH_REQUIRED, FILTER_FLAG_QUERY_REQUIRED, FILTER_NULL_ON_FAILURE ; Validates value as URL (according to > http://www.faqs.org/rfcs/rfc2396), optionally with required components. Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, e.g. ssh:// or mailto:. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail. // Note: When default is set to option, default's value is used if value is not validated. // // Changelog // Version - Description // 8.0.0 - The FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED flags for the FILTER_VALIDATE_URL filter have been removed. The scheme and host are (and have been) always required. // 8.0.0 - Added FILTER_VALIDATE_BOOL as an alias for FILTER_VALIDATE_BOOLEAN. Using FILTER_VALIDATE_BOOL is preferred. // 7.4.0 - Added min_range and max_range options for FILTER_VALIDATE_FLOAT. // 7.0.0 - Added FILTER_FLAG_HOSTNAME and FILTER_VALIDATE_DOMAIN. // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.filters.validate.php // VALIDATE_FILTERS - END // // SANITIZE_FILTERS - BEGIN // Sanitize filters // // List of filters for sanitization // ID | Name - Flags ; Description // FILTER_SANITIZE_EMAIL | "email" - ; Remove all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[]. // FILTER_SANITIZE_ENCODED | "encoded" - FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH ; URL-encode string, optionally strip or encode special characters. // FILTER_SANITIZE_MAGIC_QUOTES | "magic_quotes" - ; Apply addslashes(). (DEPRECATED as of PHP 7.3.0 and REMOVED as of PHP 8.0.0, use FILTER_SANITIZE_ADD_SLASHES instead.) // FILTER_SANITIZE_ADD_SLASHES | "add_slashes" - ; Apply addslashes(). (Available as of PHP 7.3.0) // FILTER_SANITIZE_NUMBER_FLOAT | "number_float" - FILTER_FLAG_ALLOW_FRACTION, FILTER_FLAG_ALLOW_THOUSAND, FILTER_FLAG_ALLOW_SCIENTIFIC ; Remove all characters except digits, +- and optionally .,eE. // FILTER_SANITIZE_NUMBER_INT | "number_int" - ; Remove all characters except digits, plus and minus sign. // FILTER_SANITIZE_SPECIAL_CHARS | "special_chars" - FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_HIGH ; HTML-encode '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters. // FILTER_SANITIZE_FULL_SPECIAL_CHARS | "full_special_chars" - FILTER_FLAG_NO_ENCODE_QUOTES ; Equivalent to calling htmlspecialchars() with ENT_QUOTES set. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars(), this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0. // FILTER_SANITIZE_STRING | "string" - FILTER_FLAG_NO_ENCODE_QUOTES, FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP ; Strip tags and HTML-encode double and single quotes, optionally strip or encode special characters. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. (Deprecated as of PHP 8.1.0, use htmlspecialchars() instead.) // FILTER_SANITIZE_STRIPPED | "stripped" - ; Alias of "string" filter. (Deprecated as of PHP 8.1.0, use htmlspecialchars() instead.) // FILTER_SANITIZE_URL | "url" - ; Remove all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=. // FILTER_UNSAFE_RAW | "unsafe_raw" - FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP ; Do nothing, optionally strip or encode special characters. This filter is also aliased to FILTER_DEFAULT. // Warning: When using one of these filters as a default filter either through your ini file or through your web server's configuration, the default flags is set to FILTER_FLAG_NO_ENCODE_QUOTES. You need to explicitly set filter.default_flags to 0 to have quotes encoded by default. Like this: // [example] // Example #1 Configuring the default filter to act like htmlspecialchars // [code] // filter.default = full_special_chars // filter.default_flags = 0 // [/code] // [/example] // // Changelog // Version - Description // 8.1.0 - FILTER_SANITIZE_STRING and FILTER_SANITIZE_STRIPPED have been deprecated. // 8.0.0 - FILTER_SANITIZE_MAGIC_QUOTES has been removed. // 7.3.0 - FILTER_SANITIZE_ADD_SLASHES was added as a replacement for FILTER_SANITIZE_MAGIC_QUOTES // 7.3.0 - FILTER_SANITIZE_MAGIC_QUOTES has been deprecated. // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.filters.sanitize.php // SANITIZE_FILTERS - END // // OTHER_FILTERS - BEGIN // Other filters // // List of miscellaneous filters // ID | Name | Options | Flags | Description // FILTER_CALLBACK | "callback" | callable function or method | All flags are ignored | Call user-defined function to filter data. // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.filters.misc.php // OTHER_FILTERS - END // // FILTER_FLAGS - BEGIN // Filter flags // // List of filter flags // ID - Used with ; Description // FILTER_FLAG_STRIP_LOW - FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW ; Strips characters that have a numerical value <32. // FILTER_FLAG_STRIP_HIGH - FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW ; Strips characters that have a numerical value >127. // FILTER_FLAG_STRIP_BACKTICK - FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW ; Strips backtick characters. // FILTER_FLAG_ALLOW_FRACTION - FILTER_SANITIZE_NUMBER_FLOAT ; Allows a period (.) as a fractional separator in numbers. // FILTER_FLAG_ALLOW_THOUSAND - FILTER_SANITIZE_NUMBER_FLOAT, FILTER_VALIDATE_FLOAT ; Allows a comma (,) as a thousands separator in numbers. // FILTER_FLAG_ALLOW_SCIENTIFIC - FILTER_SANITIZE_NUMBER_FLOAT ; Allows an e or E for scientific notation in numbers. // FILTER_FLAG_NO_ENCODE_QUOTES - FILTER_SANITIZE_STRING ; If this flag is present, single (') and double (") quotes will not be encoded. // FILTER_FLAG_ENCODE_LOW - FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW ; Encodes all characters with a numerical value <32. // FILTER_FLAG_ENCODE_HIGH - FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW ; Encodes all characters with a numerical value >127. // FILTER_FLAG_ENCODE_AMP - FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW ; Encodes ampersands (&). // FILTER_NULL_ON_FAILURE - any FILTER_VALIDATE_* ; Returns null for unrecognized values. // FILTER_FLAG_ALLOW_OCTAL - FILTER_VALIDATE_INT ; Regards inputs starting with a zero (0) as octal numbers. This only allows the succeeding digits to be 0-7. // FILTER_FLAG_ALLOW_HEX - FILTER_VALIDATE_INT ; Regards inputs starting with 0x or 0X as hexadecimal numbers. This only allows succeeding characters to be a-fA-F0-9. // FILTER_FLAG_EMAIL_UNICODE - FILTER_VALIDATE_EMAIL ; Allows the local part of the email address to contain Unicode characters. // FILTER_FLAG_IPV4 - FILTER_VALIDATE_IP ; Allows the IP address to be in IPv4 format. // FILTER_FLAG_IPV6 - FILTER_VALIDATE_IP ; Allows the IP address to be in IPv6 format. // FILTER_FLAG_NO_PRIV_RANGE - FILTER_VALIDATE_IP ; // Fails validation for the following private IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. // Fails validation for the IPv6 addresses starting with FD or FC. // FILTER_FLAG_NO_RES_RANGE - FILTER_VALIDATE_IP ; // Fails validation for the following reserved IPv4 ranges: 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8 and 240.0.0.0/4. // Fails validation for the following reserved IPv6 ranges: ::1/128, ::/128, ::ffff:0:0/96 and fe80::/10. // These are the ranges that are marked as Reserved-By-Protocol in > RFC 6890. // FILTER_FLAG_GLOBAL_RANGE - FILTER_VALIDATE_IP ; // Fails validation for non global IPv4/IPv6 ranges as found in > RFC 6890 with the Global attribute being False. // FILTER_FLAG_SCHEME_REQUIRED - FILTER_VALIDATE_URL ; Requires the URL to contain a scheme part. // FILTER_FLAG_HOST_REQUIRED - FILTER_VALIDATE_URL ; Requires the URL to contain a host part. // FILTER_FLAG_PATH_REQUIRED - FILTER_VALIDATE_URL ; Requires the URL to contain a path part. // FILTER_FLAG_QUERY_REQUIRED - FILTER_VALIDATE_URL ; Requires the URL to contain a query string. // FILTER_REQUIRE_SCALAR - ; Requires the value to be scalar. // FILTER_REQUIRE_ARRAY - ; Requires the value to be an array. Filter given will be applied to each scalar entry of the array. // FILTER_FORCE_ARRAY - ; If the value is a scalar, it is treated as array with the scalar value as only element. // // Changelog // Version - Description // 8.2.0 - FILTER_FLAG_GLOBAL_RANGE as a flag to FILTER_VALIDATE_IP has been added. // 7.3.0 - The explicit usage of FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED has been deprecated. // 7.1.0 - FILTER_FLAG_EMAIL_UNICODE has been added. // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.filters.flags.php // FILTER_FLAGS - END // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.filters.php // TYPES_OF_FILTERS - END // // PREDEFINED_CONSTANTS - BEGIN // Predefined Constants // // The constants below are defined by this extension, and will only be available when the extension has either been compiled into PHP or dynamically loaded at runtime. // // INPUT_POST (int) - POST variables. // INPUT_GET (int) - GET variables. // INPUT_COOKIE (int) - COOKIE variables. // INPUT_ENV (int) - ENV variables. // INPUT_SERVER (int) - SERVER variables. // INPUT_SESSION (int) - SESSION variables. (not implemented yet) // INPUT_REQUEST (int) - REQUEST variables. (not implemented yet) // FILTER_FLAG_NONE (int) - No flags. // FILTER_REQUIRE_SCALAR (int) - Flag used to require scalar as input // FILTER_REQUIRE_ARRAY (int) - Require an array as input. // FILTER_FORCE_ARRAY (int) - Always returns an array. // FILTER_NULL_ON_FAILURE (int) - Use NULL instead of FALSE on failure. // FILTER_VALIDATE_INT (int) - ID of "int" filter. // FILTER_VALIDATE_BOOL (int) - Alias of FILTER_VALIDATE_BOOLEAN. // FILTER_VALIDATE_BOOLEAN (int) - ID of "boolean" filter. // FILTER_VALIDATE_FLOAT (int) - ID of "float" filter. // FILTER_VALIDATE_REGEXP (int) - ID of "validate_regexp" filter. // FILTER_VALIDATE_URL (int) - ID of "validate_url" filter. // FILTER_VALIDATE_DOMAIN (int) - ID of "validate_domain" filter. (Available as of PHP 7.0.0) // FILTER_VALIDATE_EMAIL (int) - ID of "validate_email" filter. // FILTER_VALIDATE_IP (int) - ID of "validate_ip" filter. // FILTER_VALIDATE_MAC (int) - ID of "validate_mac_address" filter. // FILTER_DEFAULT (int) - ID of default ("unsafe_raw") filter. This is equivalent to FILTER_UNSAFE_RAW. // FILTER_UNSAFE_RAW (int) - ID of "unsafe_raw" filter. // FILTER_SANITIZE_STRING (int) - ID of "string" filter. (Deprecated as of PHP 8.1.0, use htmlspecialchars() instead.) // FILTER_SANITIZE_STRIPPED (int) - ID of "stripped" filter. (Deprecated as of PHP 8.1.0, use htmlspecialchars() instead.) // FILTER_SANITIZE_ENCODED (int) - ID of "encoded" filter. // FILTER_SANITIZE_SPECIAL_CHARS (int) - ID of "special_chars" filter. // FILTER_SANITIZE_EMAIL (int) - ID of "email" filter. // FILTER_SANITIZE_URL (int) - ID of "url" filter. // FILTER_SANITIZE_NUMBER_INT (int) - ID of "number_int" filter. // FILTER_SANITIZE_NUMBER_FLOAT (int) - ID of "number_float" filter. // FILTER_SANITIZE_MAGIC_QUOTES (int) - ID of "magic_quotes" filter. (DEPRECATED as of PHP 7.3.0 and REMOVED as of PHP 8.0.0, use FILTER_SANITIZE_ADD_SLASHES instead.) // FILTER_SANITIZE_ADD_SLASHES (int) - ID of "add_slashes" filter. (Available as of PHP 7.3.0) // FILTER_CALLBACK (int) - ID of "callback" filter. // FILTER_FLAG_ALLOW_OCTAL (int) - Allow octal notation (0[0-7]+) in "int" filter. // FILTER_FLAG_ALLOW_HEX (int) - Allow hex notation (0x[0-9a-fA-F]+) in "int" filter. // FILTER_FLAG_STRIP_LOW (int) - Strip characters with ASCII value less than 32. // FILTER_FLAG_STRIP_HIGH (int) - Strip characters with ASCII value greater than 127. // FILTER_FLAG_STRIP_BACKTICK (int) - Strips backtick characters. // FILTER_FLAG_ENCODE_LOW (int) - Encode characters with ASCII value less than 32. // FILTER_FLAG_ENCODE_HIGH (int) - Encode characters with ASCII value greater than 127. // FILTER_FLAG_ENCODE_AMP (int) - Encode &. // FILTER_FLAG_NO_ENCODE_QUOTES (int) - Don't encode ' and ". // FILTER_FLAG_EMPTY_STRING_NULL (int) - (No use for now.) // FILTER_FLAG_ALLOW_FRACTION (int) - Allow fractional part in "number_float" filter. // FILTER_FLAG_ALLOW_THOUSAND (int) - Allow thousand separator (,) in "number_float" filter. // FILTER_FLAG_ALLOW_SCIENTIFIC (int) - Allow scientific notation (e, E) in "number_float" filter. // FILTER_FLAG_PATH_REQUIRED (int) - Require path in "validate_url" filter. // FILTER_FLAG_QUERY_REQUIRED (int) - Require query in "validate_url" filter. // FILTER_FLAG_SCHEME_REQUIRED (int) - Require scheme in "validate_url" filter. (Deprecated as of PHP 7.3.0 and removed as of PHP 8.0.0, as it is implied in the filter already.) // FILTER_FLAG_HOST_REQUIRED (int) - Require host in "validate_url" filter. (Deprecated as of PHP 7.3.0 and removed as of PHP 8.0.0, as it is implied in the filter already.) // FILTER_FLAG_HOSTNAME (int) - Require hostnames to start with an alphanumeric character and contain only alphanumerics or hyphens. (Available as of PHP 7.0.0) // FILTER_FLAG_IPV4 (int) - Allow only IPv4 address in "validate_ip" filter. // FILTER_FLAG_IPV6 (int) - Allow only IPv6 address in "validate_ip" filter. // FILTER_FLAG_NO_RES_RANGE (int) - Deny reserved addresses in "validate_ip" filter. // FILTER_FLAG_NO_PRIV_RANGE (int) - Deny private addresses in "validate_ip" filter. // FILTER_FLAG_EMAIL_UNICODE (int) - Accepts Unicode characters in the local part in "validate_email" filter. (Available as of PHP 7.1.0) // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.constants.php // PREDEFINED_CONSTANTS - END // // EXAMPLES - BEGIN // Examples // // VALIDATION // SANITIZATION // // VALIDATION - BEGIN // Validation // // [example] // Example #1 Validating email addresses with filter_var() // [php] // $email_a = 'joe@example.com'; // $email_b = 'bogus'; // // if (filter_var($email_a, FILTER_VALIDATE_EMAIL)) { // echo "Email address '$email_a' is considered valid.\n"; // } // if (filter_var($email_b, FILTER_VALIDATE_EMAIL)) { // echo "Email address '$email_b' is considered valid.\n"; // } else { // echo "Email address '$email_b' is considered invalid.\n"; // } // [/php] // The above example will output: // [result] // Email address 'joe@example.com' is considered valid. // Email address 'bogus' is considered invalid. // [/result] // [/example] // [example] // Example #2 Validating IP addresses with filter_var() // [php] // $ip_a = '127.0.0.1'; // $ip_b = '42.42'; // // if (filter_var($ip_a, FILTER_VALIDATE_IP)) { // echo "IP address '$ip_a' is considered valid."; // } // if (filter_var($ip_b, FILTER_VALIDATE_IP)) { // echo "IP address '$ip_b' is considered valid."; // } // [/php] // The above example will output: // [result] // IP address '127.0.0.1' is considered valid. // [/result] // [/example] // [example] // Example #3 Passing options to filter_var() // [php] // $int_a = '1'; // $int_b = '-1'; // $int_c = '4'; // $options = array( // 'options' => array( // 'min_range' => 0, // 'max_range' => 3, // ) // ); // if (filter_var($int_a, FILTER_VALIDATE_INT, $options) !== FALSE) { // echo "Integer A '$int_a' is considered valid (between 0 and 3).\n"; // } // if (filter_var($int_b, FILTER_VALIDATE_INT, $options) !== FALSE) { // echo "Integer B '$int_b' is considered valid (between 0 and 3).\n"; // } // if (filter_var($int_c, FILTER_VALIDATE_INT, $options) !== FALSE) { // echo "Integer C '$int_c' is considered valid (between 0 and 3).\n"; // } // // $options['options']['default'] = 1; // if (($int_c = filter_var($int_c, FILTER_VALIDATE_INT, $options)) !== FALSE) { // echo "Integer C '$int_c' is considered valid (between 0 and 3)."; // } // [/php] // The above example will output: // [result] // Integer A '1' is considered valid (between 0 and 3). // Integer C '1' is considered valid (between 0 and 3). // [/result] // [/example] // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.examples.validation.php // VALIDATION - END // // SANITIZATION - BEGIN // Sanitization // // [example] // Example #1 Sanitizing and validating email addresses // [php] // $a = 'joe@example.org'; // $b = 'bogus - at - example dot org'; // $c = '(bogus@example.org)'; // // $sanitized_a = filter_var($a, FILTER_SANITIZE_EMAIL); // if (filter_var($sanitized_a, FILTER_VALIDATE_EMAIL)) { // echo "This (a) sanitized email address is considered valid.\n"; // } // // $sanitized_b = filter_var($b, FILTER_SANITIZE_EMAIL); // if (filter_var($sanitized_b, FILTER_VALIDATE_EMAIL)) { // echo "This sanitized email address is considered valid."; // } else { // echo "This (b) sanitized email address is considered invalid.\n"; // } // // $sanitized_c = filter_var($c, FILTER_SANITIZE_EMAIL); // if (filter_var($sanitized_c, FILTER_VALIDATE_EMAIL)) { // echo "This (c) sanitized email address is considered valid.\n"; // echo "Before: $c\n"; // echo "After: $sanitized_c\n"; // } // [/php] // The above example will output: // [result] // This (a) sanitized email address is considered valid. // This (b) sanitized email address is considered invalid. // This (c) sanitized email address is considered valid. // Before: (bogus@example.org) // After: bogus@example.org // [/result] // [/example] // [example] // Example #2 Configuring a default filter // [code] // filter.default = full_special_chars // filter.default_flags = 0 // [/code] // [/example] // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.examples.sanitization.php // SANITIZATION - END // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/filter.examples.php // EXAMPLES - END // // FILTER_FUNCTIONS - BEGIN // Filter Functions // // Table of Contents // * filter_has_var - Checks if variable of specified type exists // * filter_id - Returns the filter ID belonging to a named filter // * filter_input_array - Gets external variables and optionally filters them // * filter_input - Gets a specific external variable by name and optionally filters it // * filter_list - Returns a list of all supported filters // * filter_var_array - Gets multiple variables and optionally filters them // * filter_var - Filters a variable with a specified filter // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/ref.filter.php // FILTER_FUNCTIONS - END // // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/book.filter.php // DATA_FILTERING - END // ============================== // ============================== BEGIN // PHP_VARIABLE_FILTER_FILTER_HAS_VAR // ============================== PUBLIC // ============================== ABOUT // Checks if variable of specified type exists. // ============================== SUPPORT // PHP_5 - PHP_8 // ============================== USING FUNCTIONS (1) // filter_has_var() - PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // ============================== CODE function php_variable_filter_filter_has_var($input_type, $var_name) { $return_filter_has_var = false; // ========== FILTER_HAS_VAR - BEGIN // ===== ABOUT // Checks if variable of specified type exists // ===== DESCRIPTION // ===== SUPPORTED // PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // ===== SYNTAX // filter_has_var(int $input_type, string $var_name): bool // ===== CODE $return_filter_has_var = filter_has_var( $input_type, // int input_type - One of INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_SERVER, or INPUT_ENV. $var_name // string var_name - Name of a variable to check. ); // Return Values // Returns true on success or false on failure. // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/function.filter-has-var.php // ========== FILTER_HAS_VAR - END // SYNTAX: // bool filter_has_var(int $input_type, string $var_name) return $return_filter_has_var; // bool } // ============================== END // PHP_VARIABLE_FILTER_FILTER_HAS_VAR // ============================== // ============================== BEGIN // PHP_VARIABLE_FILTER_FILTER_ID // ============================== PUBLIC // ============================== ABOUT // Returns the filter ID belonging to a named filter. // ============================== SUPPORT // PHP_5 - PHP_8 // ============================== USING FUNCTIONS (1) // filter_id() - PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // ============================== CODE function php_variable_filter_filter_id($name) { $return_filter_id = false; // ========== FILTER_ID - BEGIN // ===== ABOUT // Returns the filter ID belonging to a named filter // ===== DESCRIPTION // ===== SUPPORTED // PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // ===== SYNTAX // filter_id(string $name): int|false // ===== CODE $return_filter_id = filter_id( $name // string name - Name of a filter to get. ); // Return Values // ID of a filter on success or false if filter doesn't exist. // ===== LITERATURE_SOURCES // * PHP_NET (2023-09-22) // URL: https://www.php.net/manual/en/function.filter-id.php // ========== FILTER_ID - END // SYNTAX: // int|false filter_id(string $name) return $return_filter_id; // int|false } // ============================== END // PHP_VARIABLE_FILTER_FILTER_ID // ============================== // ============================== BEGIN // PHP_VARIABLE_FILTER_FILTER_INPUT_ARRAY // ============================== PUBLIC // ============================== ABOUT // Gets external variables and optionally filters them. // ============================== SUPPORT // PHP_5 - PHP_8 // ============================== USING FUNCTIONS (1) // filter_input_array() - PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // ============================== USING CONSTANTS (1) // FILTER_DEFAULT - filter_input_array() // ============================== CODE function php_variable_filter_filter_input_array($type, $options = FILTER_DEFAULT, $add_empty = true) { $return_filter_input_array = false; // ========== FILTER_INPUT_ARRAY - BEGIN // ===== ABOUT // Gets external variables and optionally filters them // ===== DESCRIPTION // This function is useful for retrieving many values without repetitively calling filter_input(). // ===== SUPPORTED // PHP_5 >= PHP_5_2_0, PHP_7, PHP_8 // ===== SYNTAX // filter_input_array(int $type, array|int $options = FILTER_DEFAULT, bool $add_empty = true): array|false|null // ===== CODE $return_filter_input_array = filter_input_array( $type, // int type - One of INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_SERVER, or INPUT_ENV. $options, // array|int options - An array defining the arguments. A valid key is a string containing a variable name and a valid value is either a filter type, or an array optionally specifying the filter, flags and options. If the value is an array, valid keys are filter which specifies the filter type, flags which specifies any flags that apply to the filter, and options which specifies any options that apply to the filter. See the example below for a better understanding. // This parameter can be also an integer holding a filter constant. Then all values in the input array are filtered by this filter. $add_empty // bool add_empty - Add missing keys as null to the return value. ); // Return Values // An array containing the values of the requested variables on success. If the input array designated by type is not populated, the function returns null if the FILTER_NULL_ON_FAILURE flag is not given, or false otherwise. For other failures, false is returned. // An array value will be false if the filter fails, or null if the variable is not set. Or if the flag FILTER_NULL_ON_FAILURE is used, it returns false if the variable is not set and null if the filter fails. If the add_empty parameter is false, no array element will be added for unset variables. // // [examples] // Examples // [example] // Example #1 A filter_input_array() example // [php] // // /* data actually came from POST // $_POST = array( // 'product_id' => 'libgd