Introduction

This extension provides filters which can be used to validate or sanitize data. This is especially useful when the data source contains unknown (or foreign) data, like user supplied input. For example, this data may come from an HTML form.

There are two main types of filtering: validation and sanitization.

A validation filter is used to check if the data meets certain criteria. These filters are identified by the FILTER_VALIDATE_* constants. For example, the FILTER_VALIDATE_EMAIL filter can be used to determine if the data is a valid email address. However, it will never alter the input data.

Sanitization on the other hand will "clean up" the data, therefore it may alter the input data by adding or removing characters. These filters are identified by the FILTER_SANITIZE_* constants. For example, the FILTER_SANITIZE_EMAIL filter will remove characters that are inappropriate for an email address to contain. However, the sanitized data is not validated to check if it is a valid email address.

Most filters support optional flags that can tweak the behavior of the filter. These flags are identified by the FILTER_FLAG_* constants. For example, using the FILTER_FLAG_PATH_REQUIRED with the FILTER_VALIDATE_URL validation filter requires that the URL has a path (e.g. /foo in https://example.org/foo).