Jesus · Bible · HTML · CSS · JS · PHP · SVG · Applications

filter_input

Description

The filter_input of Filter for PHP gets a specific external variable by name and optionally filters it.

Syntax

filter_input(
    int $type,
    string $var_name,
    int $filter = FILTER_DEFAULT,
    array|int $options = 0
): mixed

Parameters

type

One of INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_SERVER, or INPUT_ENV.

var_name

Name of a variable to get.

filter

The ID of the filter to apply.

If omitted, FILTER_DEFAULT will be used, which is equivalent to FILTER_UNSAFE_RAW. This will result in no filtering taking place by default.

IDNameOptionsFlagsDescription
FILTER_VALIDATE_BOOLEAN"boolean"defaultFILTER_NULL_ON_FAILUREReturns TRUE for "1", "true", "on" and "yes". Returns FALSE otherwise. If FILTER_NULL_ON_FAILURE is set, FALSE is returned only for "0", "false", "off", "no", and "", and NULL is returned for all non-boolean values.
FILTER_VALIDATE_DOMAIN"validate_domain"defaultFILTER_FLAG_HOSTNAMEValidates whether the domain name label lengths are valid. Validates domain names against RFC 1034, RFC 1035, RFC 952, RFC 1123, RFC 2732, RFC 2181, and RFC 1123. Optional flag FILTER_FLAG_HOSTNAME adds ability to specifically validate hostnames (they must start with an alphanumeric character and contain only alphanumerics or hyphens).
FILTER_VALIDATE_EMAIL"validate_email"defaultFILTER_FLAG_EMAIL_UNICODEValidates whether the value is a valid e-mail address. In general, this validates e-mail addresses against the syntax in RFC 822, with the exceptions that comments and whitespace folding and dotless domain names are not supported.
FILTER_VALIDATE_FLOAT"float"default, decimal, min_range, max_rangeFILTER_FLAG_ALLOW_THOUSANDValidates value as float, optionally from the specified range, and converts to float on success.
FILTER_VALIDATE_INT"int"default, min_range, max_rangeFILTER_FLAG_ALLOW_OCTAL, FILTER_FLAG_ALLOW_HEXValidates value as integer, optionally from the specified range, and converts to int on success.
FILTER_VALIDATE_IP"validate_ip"defaultFILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGEValidates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges.
FILTER_VALIDATE_MAC"validate_mac_address"defaultValidates value as MAC address.
FILTER_VALIDATE_REGEXP"validate_regexp"default, regexpValidates value against regexp, a Perl-compatible regular expression.
FILTER_VALIDATE_URL"validate_url"defaultFILTER_FLAG_SCHEME_REQUIRED, FILTER_FLAG_HOST_REQUIRED, FILTER_FLAG_PATH_REQUIRED, FILTER_FLAG_QUERY_REQUIREDValidates value as URL (according to http://www.faqs.org/rfcs/rfc2396), optionally with required components. Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, e.g. ssh:// or mailto:. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail.
IDNameFlagsDescription
FILTER_SANITIZE_EMAIL"email" Remove all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].
FILTER_SANITIZE_ENCODED"encoded"FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGHURL-encode string, optionally strip or encode special characters.
FILTER_SANITIZE_MAGIC_QUOTES"magic_quotes" Apply addslashes().
FILTER_SANITIZE_NUMBER_FLOAT"number_float"FILTER_FLAG_ALLOW_FRACTION, FILTER_FLAG_ALLOW_THOUSAND, FILTER_FLAG_ALLOW_SCIENTIFICRemove all characters except digits, +- and optionally .,eE.
FILTER_SANITIZE_NUMBER_INT"number_int" Remove all characters except digits, plus and minus sign.
FILTER_SANITIZE_SPECIAL_CHARS"special_chars"FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_HIGHHTML-escape '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters.
FILTER_SANITIZE_FULL_SPECIAL_CHARS"full_special_chars"FILTER_FLAG_NO_ENCODE_QUOTES,Equivalent to calling htmlspecialchars() with ENT_QUOTES set. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars(), this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0.
FILTER_SANITIZE_STRING"string"FILTER_FLAG_NO_ENCODE_QUOTES, FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMPStrip tags, optionally strip or encode special characters.
FILTER_SANITIZE_STRIPPED"stripped" Alias of "string" filter.
FILTER_SANITIZE_URL"url" Remove all characters except letters, digits and $-_.+!*'(),{}|\^~[]`<>#%";/?:@&=.
FILTER_UNSAFE_RAW"unsafe_raw"FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMPDo nothing, optionally strip or encode special characters. This filter is also aliased to FILTER_DEFAULT.
IDNameOptionsFlagsDescription
FILTER_CALLBACK"callback"callable function or methodAll flags are ignoredCall user-defined function to filter data.
IDUsed withDescription
FILTER_FLAG_STRIP_LOWFILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAWStrips characters that have a numerical value <32.
FILTER_FLAG_STRIP_HIGHFILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAWStrips characters that have a numerical value >127.
FILTER_FLAG_STRIP_BACKTICKFILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAWStrips backtick characters.
FILTER_FLAG_ALLOW_FRACTIONFILTER_SANITIZE_NUMBER_FLOATAllows a period (.) as a fractional separator in numbers.
FILTER_FLAG_ALLOW_THOUSANDFILTER_SANITIZE_NUMBER_FLOAT, FILTER_VALIDATE_FLOATAllows a comma (,) as a thousands separator in numbers.
FILTER_FLAG_ALLOW_SCIENTIFICFILTER_SANITIZE_NUMBER_FLOATAllows an e or E for scientific notation in numbers.
FILTER_FLAG_NO_ENCODE_QUOTESFILTER_SANITIZE_STRINGIf this flag is present, single (') and double (") quotes will not be encoded.
FILTER_FLAG_ENCODE_LOWFILTER_SANITIZE_ENCODED, FILTER_SANITIZE_STRING, FILTER_SANITIZE_RAWEncodes all characters with a numerical value <32.
FILTER_FLAG_ENCODE_HIGHFILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_SANITIZE_RAWEncodes all characters with a numerical value >127.
FILTER_FLAG_ENCODE_AMPFILTER_SANITIZE_STRING, FILTER_SANITIZE_RAWEncodes ampersands (&).
FILTER_NULL_ON_FAILUREFILTER_VALIDATE_BOOLEANReturns NULL for unrecognized boolean values.
FILTER_FLAG_ALLOW_OCTALFILTER_VALIDATE_INTRegards inputs starting with a zero (0) as octal numbers. This only allows the succeeding digits to be 0-7.
FILTER_FLAG_ALLOW_HEXFILTER_VALIDATE_INTRegards inputs starting with 0x or 0X as hexadecimal numbers. This only allows succeeding characters to be a-fA-F0-9.
FILTER_FLAG_EMAIL_UNICODEFILTER_VALIDATE_EMAILAllows the local part of the email address to contain Unicode characters.
FILTER_FLAG_IPV4FILTER_VALIDATE_IPAllows the IP address to be in IPv4 format.
FILTER_FLAG_IPV6FILTER_VALIDATE_IPAllows the IP address to be in IPv6 format.
FILTER_FLAG_NO_PRIV_RANGEFILTER_VALIDATE_IPFails validation for the following private IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. Fails validation for the IPv6 addresses starting with FD or FC.
FILTER_FLAG_NO_RES_RANGEFILTER_VALIDATE_IPFails validation for the following reserved IPv4 ranges: 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8 and 240.0.0.0/4. Fails validation for the following reserved IPv6 ranges: ::1/128, ::/128, ::ffff:0:0/96 and fe80::/10.
FILTER_FLAG_SCHEME_REQUIREDFILTER_VALIDATE_URLRequires the URL to contain a scheme part.
FILTER_FLAG_HOST_REQUIREDFILTER_VALIDATE_URLRequires the URL to contain a host part.
FILTER_FLAG_PATH_REQUIREDFILTER_VALIDATE_URLRequires the URL to contain a path part.
FILTER_FLAG_QUERY_REQUIREDFILTER_VALIDATE_URLRequires the URL to contain a query string.
FILTER_REQUIRE_SCALARRequires the value to be scalar.
FILTER_REQUIRE_ARRAYRequires the value to be an array.
FILTER_FORCE_ARRAYIf the value is a scalar, it is treated as array with the scalar value as only element.

options

Associative array of options or bitwise disjunction of flags. If filter accepts options, flags can be provided in "flags" field of array.

Return

Returns the value of the requested variable on success, false if the filter fails, or null if the var_name variable is not set. If the flag FILTER_NULL_ON_FAILURE is used, it returns false if the variable is not set and null if the filter fails.

Examples

1 · type · INPUT_GET

<?

// https://mydomain.com?myvariable

$type = INPUT_GET;
$var_name = "myvariable";

$return = filter_input($type, $var_name);

var_export($return);

?>
NULL

2 · type · INPUT_POST

<?

$type = INPUT_POST;
$var_name = "myvariable";

$return = filter_input($type, $var_name);

var_export($return);

?>
NULL
<?

$type = INPUT_COOKIE;
$var_name = "myvariable";

$return = filter_input($type, $var_name);

var_export($return);

?>
NULL

4 · type · INPUT_SERVER

<?

$type = INPUT_SERVER;
$var_name = "myvariable";

$return = filter_input($type, $var_name);

var_export($return);

?>
NULL

5 · type · INPUT_ENV

<?

$type = INPUT_ENV;
$var_name = "myvariable";

$return = filter_input($type, $var_name);

var_export($return);

?>
NULL

6 · filter

<?

$type = INPUT_GET;
$var_name = "myvariable";
$filter = FILTER_VALIDATE_BOOLEAN;

$return = filter_input($type, $var_name, $filter);

var_export($return);

?>
NULL

7 · options

<?

$type = INPUT_GET;
$var_name = "myvariable";
$filter = FILTER_DEFAULT;
$options = ["options" => ["myvariable1", "myvariable2"]];

$return = filter_input($type, $var_name, $filter, $options);

var_export($return);

?>
NULL
HomeMenu