PHP Sanitize Filter Validate

Thanks to a new set of filtering functions introduced in PHP5, the task of validating and sanitising user input has gotten easier.

Here’s a complete list of filtering functions:

filter_has_var — Checks if variable of specified type exists
filter_id — Returns the filter ID belonging to a named filter
filter_input_array — Gets external variables and optionally filters them
filter_input — Gets a specific external variable by name and optionally filters it
filter_list — Returns a list of all supported filters
filter_var_array — Gets multiple variables and optionally filters them
filter_var — Filters a variable with a specified filter

The complete list of filters available:

ID	Name	Options	Flags	Description
`FILTER_VALIDATE_INT`	“int”	`min_range`, `max_range`	`FILTER_FLAG_ALLOW_OCTAL`, `FILTER_FLAG_ALLOW_HEX`	Validates value as integer, optionally from the specified range.
`FILTER_VALIDATE_BOOLEAN`	“boolean”			Returns `TRUE` for “1″, “true”, “on” and “yes”, `FALSE` for “0″, “false”, “off”, “no”, and “”, `NULL` otherwise.
`FILTER_VALIDATE_FLOAT`	“float”			Validates value as float.
`FILTER_VALIDATE_REGEXP`	“validate_regexp”	`regexp`		Validates value against `regexp`, a Perl-compatible regular expression.
`FILTER_VALIDATE_URL`	“validate_url”		`FILTER_FLAG_SCHEME_REQUIRED`, `FILTER_FLAG_HOST_REQUIRED`, `FILTER_FLAG_PATH_REQUIRED`, `FILTER_FLAG_QUERY_REQUIRED`	Validates value as URL, optionally with required components.
`FILTER_VALIDATE_EMAIL`	“validate_email”			Validates value as e-mail.
`FILTER_VALIDATE_IP`	“validate_ip”		`FILTER_FLAG_IPV4`, `FILTER_FLAG_IPV6`, `FILTER_FLAG_NO_PRIV_RANGE`, `FILTER_FLAG_NO_RES_RANGE`	Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges.
`FILTER_SANITIZE_STRING`	“string”		`FILTER_FLAG_NO_ENCODE_QUOTES`, `FILTER_FLAG_STRIP_LOW`, `FILTER_FLAG_STRIP_HIGH`, `FILTER_FLAG_ENCODE_LOW`, `FILTER_FLAG_ENCODE_HIGH`, `FILTER_FLAG_ENCODE_AMP`	Strip tags, optionally strip or encode special characters.
`FILTER_SANITIZE_STRIPPED`	“stripped”			Alias of “string” filter.
`FILTER_SANITIZE_ENCODED`	“encoded”		`FILTER_FLAG_STRIP_LOW`, `FILTER_FLAG_STRIP_HIGH`, `FILTER_FLAG_ENCODE_LOW`, `FILTER_FLAG_ENCODE_HIGH`	URL-encode string, optionally strip or encode special characters.
`FILTER_SANITIZE_SPECIAL_CHARS`	“special_chars”		`FILTER_FLAG_STRIP_LOW`, `FILTER_FLAG_STRIP_HIGH`, `FILTER_FLAG_ENCODE_HIGH`	HTML-escape `‘”<>&` and characters with ASCII value less than 32, optionally strip or encode other special characters.
`FILTER_UNSAFE_RAW`	“unsafe_raw”		`FILTER_FLAG_STRIP_LOW`, `FILTER_FLAG_STRIP_HIGH`, `FILTER_FLAG_ENCODE_LOW`, `FILTER_FLAG_ENCODE_HIGH`, `FILTER_FLAG_ENCODE_AMP`	Do nothing, optionally strip or encode special characters.
`FILTER_SANITIZE_EMAIL`	“email”			Remove all characters except letters, digits and !#$%&’*+-/=?^_`{\|}~@.[].
`FILTER_SANITIZE_URL`	“url”			Remove all characters except letters, digits and $-_.+!*’(),{}\|\\^~[]`<>#%”;/?:@&=.
`FILTER_SANITIZE_NUMBER_INT`	“number_int”			Remove all characters except digits and `+-`.
`FILTER_SANITIZE_NUMBER_FLOAT`	“number_float”		`FILTER_FLAG_ALLOW_FRACTION`, `FILTER_FLAG_ALLOW_THOUSAND`, `FILTER_FLAG_ALLOW_SCIENTIFIC`	Remove all characters except digits, `+-` and optionally `.,eE`.
`FILTER_SANITIZE_MAGIC_QUOTES`	“magic_quotes”			Apply addslashes().
`FILTER_CALLBACK`	“callback”		callback function or method	Call user-defined function to filter data.

Check out the PHP manual pages for examples on how to use the functions.

Andrei’s Blog

Easy way to validate and filter data in PHP5

Search

Web hosting

Categories

FeedBurner RSS

Friends

My links

Friends

Recent posts

Archives

Meta

Tag cloud