filter_var sanitation filters


Columns: ID, Name, Flags, Description

FILTER_SANITIZE_EMAIL
Name: "email"
Description: Remove all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].

FILTER_SANITIZE_ENCODED
Name: "encoded"
Flags: FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH
Description: URL-encode string, optionally strip or encode special characters.

FILTER_SANITIZE_MAGIC_QUOTES
Name: "magic_quotes"
Description: Apply addslashes().

FILTER_SANITIZE_NUMBER_FLOAT
Name: "number_float"
Flags: FILTER_FLAG_ALLOW_FRACTION, FILTER_FLAG_ALLOW_THOUSAND, FILTER_FLAG_ALLOW_SCIENTIFIC
Description: Remove all characters except digits, +- and optionally .,eE.

FILTER_SANITIZE_NUMBER_INT
Name: "number_int"
Description: Remove all characters except digits, plus and minus sign.

FILTER_SANITIZE_SPECIAL_CHARS
Name: "special_chars"
Flags: FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_HIGH
Description: HTML-escape '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters.

FILTER_SANITIZE_FULL_SPECIAL_CHARS
Name: "full_special_chars"
Flags: FILTER_FLAG_NO_ENCODE_QUOTES
Description: Equivalent to calling htmlspecialchars() with ENT_QUOTES set. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars(), this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0.

FILTER_SANITIZE_STRING
Name: "string"
Flags: FILTER_FLAG_NO_ENCODE_QUOTES, FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP
Description: Strip tags, optionally strip or encode special characters.

FILTER_SANITIZE_STRIPPED
Name: "stripped"
Description: Alias of "string" filter.

FILTER_SANITIZE_URL
Name: "url"
Description: Remove all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.

FILTER_UNSAFE_RAW
Name: "unsafe_raw"
Flags: FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP
Description: Do nothing, optionally strip or encode special characters. This filter is also aliased to FILTER_DEFAULT.

2015-09-23 13:44:35 gstlouis

Columns: ID, Name, Options, Flags, Description

FILTER_VALIDATE_BOOLEAN
Name: "boolean"
Options: default
Flags: FILTER_NULL_ON_FAILURE
Description: Returns TRUE for "1", "true", "on" and "yes". Returns FALSE otherwise. If FILTER_NULL_ON_FAILURE is set, FALSE is returned only for "0", "false", "off", "no", and "", and NULL is returned for all non-boolean values.

FILTER_VALIDATE_EMAIL
Name: "validate_email"
Options: default
Description: Validates whether the value is a valid e-mail address. In general, this validates e-mail addresses against the syntax in RFC 822, with the exceptions that comments and whitespace folding are not supported.

FILTER_VALIDATE_FLOAT
Name: "float"
Options: default, decimal
Flags: FILTER_FLAG_ALLOW_THOUSAND
Description: Validates value as float, and converts to float on success.

FILTER_VALIDATE_INT
Name: "int"
Options: default, min_range, max_range
Flags: FILTER_FLAG_ALLOW_OCTAL, FILTER_FLAG_ALLOW_HEX
Description: Validates value as integer, optionally from the specified range, and converts to int on success.

FILTER_VALIDATE_IP
Name: "validate_ip"
Options: default
Flags: FILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE
Description: Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges.

FILTER_VALIDATE_MAC
Name: "validate_mac_address"
Options: default
Description: Validates value as MAC address.

FILTER_VALIDATE_REGEXP
Name: "validate_regexp"
Options: default, regexp
Description: Validates value against regexp, a Perl-compatible regular expression.

FILTER_VALIDATE_URL
Name: "validate_url"
Options: default
Flags: FILTER_FLAG_PATH_REQUIRED, FILTER_FLAG_QUERY_REQUIRED
Description: Validates value as URL (according to http://www.faqs.org/rfcs/rfc2396), optionally with required components. Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, e.g. ssh:// or mailto:. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail.

gstlouis
2015-09-23 13:45:23
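The FILTER_VALIDATE_URL caveat and the FILTER_NULL_ON_FAILURE and min_range/max_range behaviour listed above, shown as an added example that is not part of the original post or the PHP manual. The helper names validate_web_url, validate_flag and validate_port, the scheme allow-list and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: FILTER_VALIDATE_URL only checks syntax, so the scheme
// is compared against an explicit allow-list afterwards.
function validate_web_url(string $input, array $allowed = ['http', 'https']): ?string
{
    $url = filter_var($input, FILTER_VALIDATE_URL);
    if ($url === false) {
        return null; // not a syntactically valid ASCII URL
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), $allowed, true)) {
        return null; // valid URL, but not an expected protocol (ssh://, mailto:, ...)
    }
    return $url;
}

// Hypothetical helper: with FILTER_NULL_ON_FAILURE, null means "not a boolean
// at all", so malformed input is not silently treated as false.
function validate_flag(string $input): ?bool
{
    return filter_var($input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}

// Hypothetical helper: range-checked integer, converted to int on success.
function validate_port(string $input): ?int
{
    $port = filter_var($input, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 65535],
    ]);
    return $port === false ? null : $port;
}

// Constructed sample inputs, not taken from any real request.
$urls  = ['https://example.com/a?b=1', 'ssh://example.com', 'mailto:user@example.com', 'example.com'];
$flags = ['yes', 'off', '', 'maybe'];
$ports = ['443', '0', '65536', '80abc'];

foreach ($urls as $u) {
    printf("%-28s syntax=%-5s accepted=%s\n", $u,
        var_export(filter_var($u, FILTER_VALIDATE_URL) !== false, true),
        var_export(validate_web_url($u) !== null, true));
}
foreach ($flags as $f) {
    printf("flag %-8s => %s\n", var_export($f, true), var_export(validate_flag($f), true));
}
foreach ($ports as $p) {
    printf("port %-8s => %s\n", var_export($p, true), var_export(validate_port($p), true));
}
```

The validate filters accept or reject a value; the sanitize filters only remove or encode characters, so their output still needs validation against what the application expects.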