filter_var sanitation filters | |
---|---|
Subject: | |

ID | Name | Flags | Description |
---|---|---|---|
FILTER_SANITIZE_EMAIL | "email" | | Remove all characters except letters, digits and !#$%&'*+-=?^_`{\|}~@.[]. |
FILTER_SANITIZE_ENCODED | "encoded" | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH | URL-encode string, optionally strip or encode special characters. |
FILTER_SANITIZE_MAGIC_QUOTES | "magic_quotes" | | Apply addslashes(). |
FILTER_SANITIZE_NUMBER_FLOAT | "number_float" | FILTER_FLAG_ALLOW_FRACTION, FILTER_FLAG_ALLOW_THOUSAND, FILTER_FLAG_ALLOW_SCIENTIFIC | Remove all characters except digits, +- and optionally .,eE. |
FILTER_SANITIZE_NUMBER_INT | "number_int" | | Remove all characters except digits, plus and minus sign. |
FILTER_SANITIZE_SPECIAL_CHARS | "special_chars" | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_HIGH | HTML-escape '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters. |
FILTER_SANITIZE_FULL_SPECIAL_CHARS | "full_special_chars" | FILTER_FLAG_NO_ENCODE_QUOTES | Equivalent to calling htmlspecialchars() with ENT_QUOTES set. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars(), this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0. |
FILTER_SANITIZE_STRING | "string" | FILTER_FLAG_NO_ENCODE_QUOTES, FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP | Strip tags, optionally strip or encode special characters. |
FILTER_SANITIZE_STRIPPED | "stripped" | | Alias of "string" filter. |
FILTER_SANITIZE_URL | "url" | | Remove all characters except letters, digits and $-_.+!*'(),{}\|\\^~[]`<>#%";/?:@&=. |
FILTER_UNSAFE_RAW | "unsafe_raw" | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP | Do nothing, optionally strip or encode special characters. This filter is also aliased to FILTER_DEFAULT. |

2015-09-23 13:44:35 | gstlouis |

ID | Name | Options | Flags | Description |
---|---|---|---|---|
FILTER_VALIDATE_BOOLEAN | "boolean" | default | FILTER_NULL_ON_FAILURE | Returns TRUE for "1", "true", "on" and "yes". Returns FALSE otherwise. If FILTER_NULL_ON_FAILURE is set, FALSE is returned only for "0", "false", "off", "no", and "", and NULL is returned for all non-boolean values. |
FILTER_VALIDATE_EMAIL | "validate_email" | default | | Validates whether the value is a valid e-mail address. In general, this validates e-mail addresses against the syntax in RFC 822, with the exceptions that comments and whitespace folding are not supported. |
FILTER_VALIDATE_FLOAT | "float" | default, decimal | FILTER_FLAG_ALLOW_THOUSAND | Validates value as float, and converts to float on success. |
FILTER_VALIDATE_INT | "int" | default, min_range, max_range | FILTER_FLAG_ALLOW_OCTAL, FILTER_FLAG_ALLOW_HEX | Validates value as integer, optionally from the specified range, and converts to int on success. |
FILTER_VALIDATE_IP | "validate_ip" | default | FILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE | Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges. |
FILTER_VALIDATE_MAC | "validate_mac_address" | default | | Validates value as MAC address. |
FILTER_VALIDATE_REGEXP | "validate_regexp" | default, regexp | | Validates value against regexp, a Perl-compatible regular expression. |
FILTER_VALIDATE_URL | "validate_url" | default | FILTER_FLAG_PATH_REQUIRED, FILTER_FLAG_QUERY_REQUIRED | Validates value as URL (according to http://www.faqs.org/rfcs/rfc2396), optionally with required components. Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, e.g. ssh:// or mailto:. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail. |

2015-09-23 13:45:23 | gstlouis |
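
The FILTER_VALIDATE_URL caveat in the validation table (a syntactically valid URL may use ssh:// or mailto: rather than http://), shown as an added PHP example that is not part of the original post. The function name `validate_http_url`, its allow-list parameter and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not from the original post.
// FILTER_VALIDATE_URL checks syntax only, so the scheme is checked
// separately against an allow-list before the URL is trusted.

/**
 * Hypothetical helper: returns the URL if it is syntactically valid AND
 * uses an allowed scheme with a host, otherwise null.
 */
function validate_http_url(string $input, array $allowedSchemes = ['http', 'https']): ?string
{
    // Step 1: syntax check. filter_var() returns false on failure.
    $url = filter_var($input, FILTER_VALIDATE_URL);
    if ($url === false) {
        return null;
    }

    // Step 2: scheme allow-list. Schemes are case-insensitive, so normalise.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), $allowedSchemes, true)) {
        return null;
    }

    // Step 3: require a host, which host-less schemes such as mailto: lack.
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return null;
    }

    return $url;
}

// Constructed sample inputs covering the cases the table warns about.
$samples = [
    'https://example.com/path?x=1', // expected protocol
    'ssh://example.com',            // well-formed URL, unexpected protocol
    'mailto:user@example.com',      // well-formed URL, unexpected protocol
    'http://bücher.example/',       // non-ASCII host (internationalized name)
    'example.com',                  // no scheme at all
];

foreach ($samples as $s) {
    $syntaxOnly = filter_var($s, FILTER_VALIDATE_URL) !== false;
    $strict     = validate_http_url($s) !== null;
    printf("%-32s FILTER_VALIDATE_URL=%-5s http(s)-only=%s\n",
        $s, var_export($syntaxOnly, true), var_export($strict, true));
}
```

Comparing the two columns of output shows which inputs pass the filter on syntax alone and are only rejected by the scheme allow-list.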