We might have already discussed PHP filters once or twice. Using them is important for the safety of the website or application you are creating.
We prepared a clear list of PHP filter functions and predefined constants that you can quickly refer to. If suddenly you need to PHP validate strings, encode special characters or perform other filtering duties, we are here for your every need.
Contents
PHP Filter: Main Tips
- PHP filters are used to sort, validate and otherwise filter data using PHP script.
- Since the PHP version 5.2.0, the filter functions are available by default, so they don't have to be installed.
filter_varin PHP might be considered one of the most valuable functions.
Options for Runtime Configuration
Always remember that the work of these functions is affected by the settings located in php.ini:
| Name | Description | Default value | Changeable |
|---|---|---|---|
| filter.default | Filter every $_POST, $_GET, $_REQUEST, $_COOKIE, and $_SERVER piece of data using this filter. This setting accepts the name of the particular filter you would like to use. You can see the PHP filters listed below. | "unsafe_raw" | PHP_INI_PERDIR |
| filter.default_flags | Set the default flags that are applied whenever the default PHP filter is set. For backward compatibility reasons, this setting is, by default, set to FILTER_FLAG_NO_ENCODE_QUOTES. | NULL | PHP_INI_PERDIR |
List of Functions to Apply
In the table below, you can see a list of useful functions that can be used with PHP filters. They are valid in PHP 5.2 and all newer versions:
| Function | Description |
|---|---|
| filter_has_var() | Check whether variable of a specified input type exists or not |
| filter_id() | Return filter ID of specified filter name |
| filter_input() | Get external variable (e.g. from form field input) then optionally filter |
| filter_input_array() | Get external variables (e.g. from form field input) then optionally filter |
| filter_list() | Return list of all supported filters |
| filter_var_array() | Get multiple variables and filter them |
| filter_var() | Filter variable with a specified filter |
Relevant Predefined Constants
Take a look at these predefined constants. You may find them useful when performing PHP filtering as well:
| Constant | ID | Description |
|---|---|---|
| FILTER_VALIDATE_BOOLEAN | 258 | Validate boolean |
| FILTER_VALIDATE_EMAIL | 274 | Validate e-mail address |
| FILTER_VALIDATE_FLOAT | 259 | Validate float |
| FILTER_VALIDATE_INT | 257 | Validate integer |
| FILTER_VALIDATE_IP | 275 | Validate IP address |
| FILTER_VALIDATE_REGEXP | 272 | Validate regular expression |
| FILTER_VALIDATE_URL | 273 | Validate URL |
| FILTER_SANITIZE_EMAIL | 517 | Remove every illegal character from e-mail address |
| FILTER_SANITIZE_ENCODED | 514 | Remove/Encode special characters |
| FILTER_SANITIZE_MAGIC_QUOTES | 521 | Apply addslashes() function |
| FILTER_SANITIZE_NUMBER_FLOAT | 520 | Remove every character, except for digits, +- and optionally .,eE |
| FILTER_SANITIZE_NUMBER_INT | 519 | Remove all characters except for digits and + - |
| FILTER_SANITIZE_SPECIAL_CHARS | 515 | Remove special characters |
| FILTER_SANITIZE_FULL_SPECIAL_CHARS | 515 | Rejects strings that have sequences of bytes that make invalid characters. Results in 0 length string |
| FILTER_SANITIZE_STRING | 513 | Remove tags/special characters from string |
| FILTER_SANITIZE_STRIPPED | 513 | Alias of FILTER_SANITIZE_STRING filter |
| FILTER_SANITIZE_URL | 518 | Remove every illegal character from a URL |
| FILTER_UNSAFE_RAW | 516 | Optionally strip/encode special characters |
| FILTER_CALLBACK | 1024 | Call user-defined function to filter data |
PHP Filter: Summary
- PHP filtering is useful for coders who need to handle (in most cases, validate and sort) the data.
- Inbuilt PHP filters have been introduced with version 5.2. If you're using this version or a newer one, there's no need to install these functions separately.
- Coders use
filter_varin PHP codes very often for its flexibility.