Types of filters

目录

Validate filters

Listing of filters for validation
ID Name Options Flags Description
FILTER_VALIDATE_BOOLEAN "boolean" default FILTER_NULL_ON_FAILURE

Returns TRUE for "1", "true", "on" and "yes". Returns FALSE otherwise.

If FILTER_NULL_ON_FAILURE is set, FALSE is returned only for "0", "false", "off", "no", and "", and NULL is returned for all non-boolean values.

FILTER_VALIDATE_DOMAIN "validate_domain" default FILTER_FLAG_HOSTNAME

Validates whether the domain name label lengths are valid.

Validates domain names against RFC 1034, RFC 1035, RFC 952, RFC 1123, RFC 2732, RFC 2181, and RFC 1123. Optional flag FILTER_FLAG_HOSTNAME adds ability to specifically validate hostnames (they must start with an alphanumeric character and contain only alphanumerics or hyphens).

FILTER_VALIDATE_EMAIL "validate_email" default FILTER_FLAG_EMAIL_UNICODE

Validates whether the value is a valid e-mail address.

In general, this validates e-mail addresses against the syntax in RFC 822, with the exceptions that comments and whitespace folding and dotless domain names are not supported.

FILTER_VALIDATE_FLOAT "float" default, decimal, min_range, max_range FILTER_FLAG_ALLOW_THOUSAND Validates value as float, optionally from the specified range, and converts to float on success.
FILTER_VALIDATE_INT "int" default, min_range, max_range FILTER_FLAG_ALLOW_OCTAL, FILTER_FLAG_ALLOW_HEX Validates value as integer, optionally from the specified range, and converts to int on success.
FILTER_VALIDATE_IP "validate_ip" default FILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges.
FILTER_VALIDATE_MAC "validate_mac_address" default   Validates value as MAC address.
FILTER_VALIDATE_REGEXP "validate_regexp" default, regexp   Validates value against regexp, a Perl-compatible regular expression.
FILTER_VALIDATE_URL "validate_url" default FILTER_FLAG_SCHEME_REQUIRED, FILTER_FLAG_HOST_REQUIRED, FILTER_FLAG_PATH_REQUIRED, FILTER_FLAG_QUERY_REQUIRED Validates value as URL (according to » http://www.faqs.org/rfcs/rfc2396), optionally with required components. Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, e.g. ssh:// or mailto:. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail.

Note:

As of PHP 5.4.11, the numbers +0 and -0 validate as both integers as well as floats (using FILTER_VALIDATE_FLOAT and FILTER_VALIDATE_INT). Before PHP 5.4.11 they only validated as floats (using FILTER_VALIDATE_FLOAT).

When default is set to option, default's value is used if value is not validated.

版本说明
7.4.0Added min_range and max_range options for FILTER_VALIDATE_FLOAT.
7.0.0Added FILTER_FLAG_HOSTNAME
5.5.0Added FILTER_VALIDATE_MAC
5.2.1FILTER_VALIDATE_URL now implicitly uses FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED.

Sanitize filters

IDNameFlagsDescription
FILTER_SANITIZE_EMAIL"email" Remove all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].
FILTER_SANITIZE_ENCODED"encoded"FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGHURL-encode string, optionally strip or encode special characters.
FILTER_SANITIZE_MAGIC_QUOTES"magic_quotes" Apply addslashes.
FILTER_SANITIZE_NUMBER_FLOAT"number_float"FILTER_FLAG_ALLOW_FRACTION, FILTER_FLAG_ALLOW_THOUSAND, FILTER_FLAG_ALLOW_SCIENTIFICRemove all characters except digits, +- and optionally .,eE.
FILTER_SANITIZE_NUMBER_INT"number_int" Remove all characters except digits, plus and minus sign.
FILTER_SANITIZE_SPECIAL_CHARS"special_chars"FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_HIGHHTML-escape '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters.
FILTER_SANITIZE_FULL_SPECIAL_CHARS"full_special_chars"FILTER_FLAG_NO_ENCODE_QUOTES,Equivalent to calling htmlspecialchars with ENT_QUOTES set. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars, this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0.
FILTER_SANITIZE_STRING"string"FILTER_FLAG_NO_ENCODE_QUOTES, FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMPStrip tags, optionally strip or encode special characters.
FILTER_SANITIZE_STRIPPED"stripped" Alias of "string" filter.
FILTER_SANITIZE_URL"url" Remove all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.
FILTER_UNSAFE_RAW"unsafe_raw"FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMPDo nothing, optionally strip or encode special characters. This filter is also aliased to FILTER_DEFAULT.

Warning

When using one of these filters as a default filter either through your ini file or through your web server's configuration, the default flags is set to FILTER_FLAG_NO_ENCODE_QUOTES. You need to explicitly set filter.default_flags to 0 to have quotes encoded by default. Like this:

示例 #1 Configuring the default filter to act like htmlspecialchars

filter.default = full_special_chars
filter.default_flags = 0
版本说明
5.2.11/5.3.1Slashes (/) are removed by FILTER_SANITIZE_EMAIL. Prior they were retained.

Other filters

IDNameOptionsFlagsDescription
FILTER_CALLBACK"callback"callable function or methodAll flags are ignoredCall user-defined function to filter data.

Filter flags

List of filter flags
ID Used with Description
FILTER_FLAG_STRIP_LOW FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW Strips characters that have a numerical value <32.
FILTER_FLAG_STRIP_HIGH FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW Strips characters that have a numerical value >127.
FILTER_FLAG_STRIP_BACKTICK FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW Strips backtick characters.
FILTER_FLAG_ALLOW_FRACTION FILTER_SANITIZE_NUMBER_FLOAT Allows a period (.) as a fractional separator in numbers.
FILTER_FLAG_ALLOW_THOUSAND FILTER_SANITIZE_NUMBER_FLOAT, FILTER_VALIDATE_FLOAT Allows a comma (,) as a thousands separator in numbers.
FILTER_FLAG_ALLOW_SCIENTIFIC FILTER_SANITIZE_NUMBER_FLOAT Allows an e or E for scientific notation in numbers.
FILTER_FLAG_NO_ENCODE_QUOTES FILTER_SANITIZE_STRING If this flag is present, single (') and double (") quotes will not be encoded.
FILTER_FLAG_ENCODE_LOW FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_STRING, FILTER_SANITIZE_RAW Encodes all characters with a numerical value <32.
FILTER_FLAG_ENCODE_HIGH FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_SANITIZE_RAW Encodes all characters with a numerical value >127.
FILTER_FLAG_ENCODE_AMP FILTER_SANITIZE_STRING, FILTER_SANITIZE_RAW Encodes ampersands (&).
FILTER_NULL_ON_FAILURE FILTER_VALIDATE_BOOLEAN Returns NULL for unrecognized boolean values.
FILTER_FLAG_ALLOW_OCTAL FILTER_VALIDATE_INT Regards inputs starting with a zero (0) as octal numbers. This only allows the succeeding digits to be 0-7.
FILTER_FLAG_ALLOW_HEX FILTER_VALIDATE_INT Regards inputs starting with 0x or 0X as hexadecimal numbers. This only allows succeeding characters to be a-fA-F0-9.
FILTER_FLAG_EMAIL_UNICODE FILTER_VALIDATE_EMAIL Allows the local part of the email address to contain Unicode characters.
FILTER_FLAG_IPV4 FILTER_VALIDATE_IP Allows the IP address to be in IPv4 format.
FILTER_FLAG_IPV6 FILTER_VALIDATE_IP Allows the IP address to be in IPv6 format.
FILTER_FLAG_NO_PRIV_RANGE FILTER_VALIDATE_IP

Fails validation for the following private IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

Fails validation for the IPv6 addresses starting with FD or FC.

FILTER_FLAG_NO_RES_RANGE FILTER_VALIDATE_IP

Fails validation for the following reserved IPv4 ranges: 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8 and 240.0.0.0/4.

Fails validation for the following reserved IPv6 ranges: ::1/128, ::/128, ::ffff:0:0/96 and fe80::/10.

FILTER_FLAG_SCHEME_REQUIRED FILTER_VALIDATE_URL Requires the URL to contain a scheme part.
FILTER_FLAG_HOST_REQUIRED FILTER_VALIDATE_URL Requires the URL to contain a host part.
FILTER_FLAG_PATH_REQUIRED FILTER_VALIDATE_URL Requires the URL to contain a path part.
FILTER_FLAG_QUERY_REQUIRED FILTER_VALIDATE_URL Requires the URL to contain a query string.
FILTER_REQUIRE_SCALAR Requires the value to be scalar.
FILTER_REQUIRE_ARRAY Requires the value to be an array.
FILTER_FORCE_ARRAY If the value is a scalar, it is treated as array with the scalar value as only element.
版本说明
7.3.0The explicit usage of FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED has been deprecated.
7.1.0FILTER_FLAG_EMAIL_UNICODE has been added.
5.3.2FILTER_FLAG_STRIP_BACKTICK has been added.
5.2.10FILTER_FLAG_NO_RES_RANGE supports also IPv6 addresses.