|
Predefined Constants
The constants below are defined by this extension, and
will only be available when the extension has either
been compiled into PHP or dynamically loaded at runtime.
Input Constants
These constants are used by
filter_input and
filter_input_array.
-
INPUT_POST
(int)
-
POST variables.
-
INPUT_GET
(int)
-
GET variables.
-
INPUT_COOKIE
(int)
-
COOKIE variables.
-
INPUT_ENV
(int)
-
ENV variables.
-
INPUT_SERVER
(int)
-
SERVER variables.
-
INPUT_SESSION
(int)
-
SESSION variables.
(Removed as of PHP 8.0.0; was not implemented previously)
-
INPUT_REQUEST
(int)
-
REQUEST variables.
(Removed as of PHP 8.0.0; was not implemented previously)
Generic Filter Flags
-
FILTER_FLAG_NONE
(int)
-
No flags.
-
FILTER_REQUIRE_SCALAR
(int)
-
Flag used to require the input of the filter to be a scalar.
-
FILTER_REQUIRE_ARRAY
(int)
-
Flag used to require the input of the filter to be an array.
-
FILTER_FORCE_ARRAY
(int)
-
This flags wraps scalar inputs into a one element array
for filters which operate on arrays.
-
FILTER_NULL_ON_FAILURE
(int)
-
Use
null instead of false on failure.
Usable with any validation
FILTER_VALIDATE_*
filter.
Sanitization Filter Flags
-
FILTER_FLAG_STRIP_LOW
(int)
-
Strip characters with ASCII value less than 32.
-
FILTER_FLAG_STRIP_HIGH
(int)
-
Strip characters with ASCII value greater than 127.
-
FILTER_FLAG_STRIP_BACKTICK
(int)
-
Strips backtick (
` ) characters.
-
FILTER_FLAG_ENCODE_LOW
(int)
-
Encode characters with ASCII value less than 32.
-
FILTER_FLAG_ENCODE_HIGH
(int)
-
Encode characters with ASCII value greater than 127.
-
FILTER_FLAG_ENCODE_AMP
(int)
-
Encode
& .
-
FILTER_FLAG_NO_ENCODE_QUOTES
(int)
-
Singe and double quotes (
' and " )
will not be encoded.
-
FILTER_FLAG_EMPTY_STRING_NULL
(int)
-
If sanitizing a string results in an empty string,
convert the value to
null
Validation Filters
-
FILTER_VALIDATE_BOOL
(int)
-
Returns
true for "1" ,
"true" ,
"on" ,
and "yes" .
Returns false for "0" ,
"false" ,
"off" ,
"no" , and
"" .
The return value for non-boolean values depends on the
FILTER_NULL_ON_FAILURE .
If it is set, null is returned, otherwise false is returned.
Available options
-
default
-
Value to return in case the filter fails.
Available as of PHP 8.0.0.
-
FILTER_VALIDATE_BOOLEAN
(int)
-
Alias of
FILTER_VALIDATE_BOOL .
The alias was available prior to the introduction of its canonical
name in PHP 8.0.0.
-
FILTER_VALIDATE_INT
(int)
-
Validates whether the value is an integer,
on success it is converted to type int.
Note:
String values are trimmed using trim
before validation.
Available options
-
default
-
Value to return in case the filter fails.
-
min_range
-
Value is only valid if it is greater than or equal to the provided value.
-
max_range
-
Value is only valid if it is less than or equal to the provided value.
Optional Flags
-
FILTER_FLAG_ALLOW_OCTAL
(int)
-
Allow integers in octal notation
(
0[0-7]+ ).
-
FILTER_FLAG_ALLOW_HEX
(int)
-
Allow integers in hexadecimal notation
(
0x[0-9a-fA-F]+ ).
-
FILTER_VALIDATE_FLOAT
(int)
-
Validates whether the value is a float,
on success it is converted to type float.
Note:
String values are trimmed using trim
before validation.
Available options
-
default
-
Value to return in case the filter fails.
-
decimal
-
-
min_range
-
Value is only valid if it is greater than or equal to the provided value.
Available as of PHP 7.4.0.
-
max_range
-
Value is only valid if it is less than or equal to the provided value.
Available as of PHP 7.4.0.
Optional Flags
-
FILTER_FLAG_ALLOW_THOUSAND
(int)
-
Accept commas (
, ),
which usually represent the thousand separator.
-
FILTER_VALIDATE_REGEXP
(int)
-
Validates value against the regular expression provided by the
regexp option.
Available options
-
default
-
Value to return in case the filter fails.
-
regexp
-
Perl-compatible regular expression.
-
FILTER_VALIDATE_URL
(int)
-
Validates whether the URL name is valid according to
» http://www.faqs.org/rfcs/rfc2396.
Available options
-
default
-
Value to return in case the filter fails.
Optional Flags
-
FILTER_FLAG_SCHEME_REQUIRED
(int)
-
Requires the URL to contain a scheme part.
(Deprecated as of PHP 7.3.0 and removed as of PHP 8.0.0, as it is implied by the filter already.)
-
FILTER_FLAG_HOST_REQUIRED
(int)
-
Requires the URL to contain a host part.
(Deprecated as of PHP 7.3.0 and removed as of PHP 8.0.0, as it is implied by the filter already.)
-
FILTER_FLAG_PATH_REQUIRED
(int)
-
Requires the URL to contain a path part.
-
FILTER_FLAG_QUERY_REQUIRED
(int)
-
Requires the URL to contain a query part.
Warning
A valid URL may not specify the
HTTP protocol (http:// ).
Therefore, further validation may be required to determine if the
URL uses an expected protocol,
e.g. ssh:// or mailto: .
Warning
This filter only works on ASCII URLs.
This means that Internationalized Domain Names (IDN) will always be rejected.
-
FILTER_VALIDATE_DOMAIN
(int)
-
Validates whether the domain name is valid according to
» RFC 952,
» RFC 1034,
» RFC 1035,
» RFC 1123,
» RFC 2732,
and
» RFC 2181.
Available options
-
default
-
Value to return in case the filter fails.
Optional Flags
-
FILTER_FLAG_HOSTNAME
(int)
-
Require hostnames to start with an alphanumeric character and contain
only alphanumerics or hyphens.
-
FILTER_VALIDATE_EMAIL
(int)
-
Validates whether the value is a "valid" e-mail address.
The validation is performed against the
addr-spec
syntax in
» RFC 822.
However, comments, whitespace folding, and dotless domain names
are not supported, and thus will be rejected.
Available options
-
default
-
Value to return in case the filter fails.
Optional Flags
-
FILTER_FLAG_EMAIL_UNICODE
(int)
-
Accepts Unicode characters in the local part.
Available as of PHP 7.1.0.
Warning
Email validation is complex and the only true way to confirm an email
is valid and exists is to send an email to the address.
-
FILTER_VALIDATE_IP
(int)
-
Validates value as IP address.
Available options
-
default
-
Value to return in case the filter fails.
Optional Flags
-
FILTER_FLAG_IPV4
(int)
-
Allow IPv4 address.
-
FILTER_FLAG_IPV6
(int)
-
Allow IPv6 address.
-
FILTER_FLAG_NO_RES_RANGE
(int)
-
Deny reserved addresses.
These are the ranges that are marked as
Reserved-By-Protocol in
» RFC 6890.
Which for IPv4 corresponds to the following ranges:
0.0.0.0/8
169.254.0.0/16
127.0.0.0/8
240.0.0.0/4
.
And for IPv6 corresponds to the following ranges:
::1/128
::/128
::FFFF:0:0/96
FE80::/10
.
-
FILTER_FLAG_NO_PRIV_RANGE
(int)
-
Deny private addresses.
These are IPv4 addresses which are in the following ranges:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
.
These are IPv6 addresses starting with
FD or FC .
-
FILTER_FLAG_GLOBAL_RANGE
(int)
-
Only allow global addresses.
These can be found in
» RFC 6890
where the
Global attribute is True .
Available as of PHP 8.2.0.
-
FILTER_VALIDATE_MAC
(int)
-
Validates whether the value is a MAC address.
Available options
-
default
-
Value to return in case the filter fails.
Sanitizing Filters
-
FILTER_UNSAFE_RAW
(int)
-
ID of "unsafe_raw" filter.
-
FILTER_DEFAULT
(int)
-
Alias of
FILTER_UNSAFE_RAW .
-
FILTER_SANITIZE_STRING
(int)
-
ID of "string" filter.
(Deprecated as of PHP 8.1.0,
use htmlspecialchars instead.)
-
FILTER_SANITIZE_STRIPPED
(int)
-
Alias of
FILTER_SANITIZE_STRING .
(Deprecated as of PHP 8.1.0,
use htmlspecialchars instead.)
-
FILTER_SANITIZE_ENCODED
(int)
-
ID of "encoded" filter.
-
FILTER_SANITIZE_SPECIAL_CHARS
(int)
-
ID of "special_chars" filter.
-
FILTER_SANITIZE_FULL_SPECIAL_CHARS
(int)
-
ID of "full_special_chars" filter.
-
FILTER_SANITIZE_EMAIL
(int)
-
Sanitize the string by remove all characters except
latin letters (
[a-zA-Z] ),
digits ([0-9] ),
and the special characters
!#$%&'*+-=?^_`{|}~@.[] .
-
FILTER_SANITIZE_URL
(int)
-
Sanitize the string by remove all characters except
latin letters (
[a-zA-Z] ),
digits ([0-9] ),
and the special characters
$-_.+!*'(),{}|\\^~[]`<>#%";/?:@&= .
-
FILTER_SANITIZE_NUMBER_INT
(int)
-
Sanitize the string by remove all characters except digits
(
[0-9] ), plus sign (+ ),
and minus sign (- ).
-
FILTER_SANITIZE_NUMBER_FLOAT
(int)
-
Sanitize the string by remove all characters except digits
(
[0-9] ), plus sign (+ ),
and minus sign (- ).
Optional Flags
-
FILTER_FLAG_ALLOW_FRACTION
(int)
-
Accept dot (
. ) character,
which usually represents the separator between the integer and
fractional parts.
-
FILTER_FLAG_ALLOW_THOUSAND
(int)
-
Accept commas (
, ) character,
which usually represents the thousand separator.
-
FILTER_FLAG_ALLOW_SCIENTIFIC
(int)
-
Accept numbers in scientific notation by allowing the
e and E characters.
-
FILTER_SANITIZE_ADD_SLASHES
(int)
-
Apply addslashes to the input.
Available as of PHP 7.3.0.
-
FILTER_SANITIZE_MAGIC_QUOTES
(int)
-
Alias of
FILTER_SANITIZE_ADD_SLASHES .
(DEPRECATED as of PHP 7.3.0 and
REMOVED as of PHP 8.0.0)
User Defined Filter
-
FILTER_CALLBACK
(int)
-
ID of "callback" filter.
|