PHP 7 Filters
The PHP filters is used to sanitize and validate and data coming from insecure sources, like user input.
PHP Filter Functions
Since PHP 5.2.0, the filter functions are enabled by default. You can use them directly in your code without any further installation.
Function | Description |
---|---|
filter_has_var() | Checks if variable of specified type exists |
filter_id() | Returns the ID number of a specified filter |
filter_input() | Gets a specific external variable by name and optionally filters it |
filter_input_array() | Gets multiple external variables and optionally filters them |
filter_list() | Returns an array of all supported filters |
filter_var_array() | Gets multiple variables and optionally filters them |
filter_var() | Filters a variable with a specified filter |
PHP Sanitize Filters
The sanitize filters are used to sanitize or clean the user inputs.
ID | Description |
---|---|
FILTER_SANITIZE_EMAIL | Remove all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[] |
FILTER_SANITIZE_ENCODED | URL-encode string, optionally strip or encode special characters. |
FILTER_SANITIZE_MAGIC_QUOTES | Apply addslashes() . |
FILTER_SANITIZE_NUMBER_FLOAT | Remove all characters except digits, +- and optionally .,eE |
FILTER_SANITIZE_NUMBER_INT | Remove all characters except digits, plus (+) and minus (-) sign. |
FILTER_SANITIZE_SPECIAL_CHARS | HTML-escape '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters. |
FILTER_SANITIZE_STRING | Strip tags, optionally strip or encode special characters. |
FILTER_SANITIZE_STRIPPED | Alias of "string" filter. |
FILTER_SANITIZE_URL | Remove all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&= |
FILTER_UNSAFE_RAW | Do nothing, optionally strip or encode special characters. |
Validate Filters
The sanitize filters are used to validate the user inputs.
ID | Description |
---|---|
FILTER_VALIDATE_BOOLEAN | Returns TRUE for "1", "true", "on" and "yes". Returns FALSE otherwise. |
FILTER_VALIDATE_EMAIL | Validates value as e-mail. |
FILTER_VALIDATE_FLOAT | Validates value as float. |
FILTER_VALIDATE_INT | Validates value as integer optionally from the specified range. |
FILTER_VALIDATE_IP | Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges. |
FILTER_VALIDATE_REGEXP | Validates value against regexp, a Perl-compatible regular expression. |
FILTER_VALIDATE_URL | Validates value as URL, optionally with required components. |