PHP Manual: Runtime Configuration

Runtime Configuration

The behaviour of these functions is affected by settings in php.ini.

**Filter Configuration Options**
Name	Default	Changeable	Changelog
filter.default	"unsafe_raw"	`INI_PERDIR`	Deprecated as of PHP 8.1.0.
filter.default_flags	NULL	`INI_PERDIR`

For further details and definitions of the INI_* modes, see the Where a configuration setting may be set.

Here's a short explanation of the configuration directives.

filter.default string

Filter all $_GET, $_POST, $_COOKIE, $_REQUEST and $_SERVER data by this filter. Original data can be accessed through filter_input.

Must be the name of a filter which can be determined by using filter_list and filter_id.

Note: Be careful about the default flags for the default filters. They should be set explicitly. For example, to configure the default filter to behave exactly like htmlspecialchars the default flags must be set to 0, as shown in the example below.
Example #1 Configuring the default filter to act like htmlspecialchars
filter.default = full_special_chars
filter.default_flags = 0

Warning

This INI setting is deprecated as of PHP 8.1.0.

filter.default_flags int

Default flags to apply when the default filter is set. This is set to FILTER_FLAG_NO_ENCODE_QUOTES by default for backwards compatibility reasons. See FILTER_FLAG_* constants for available flags.