How To Filter a Variable in PHP - filter_var() Function
The filter_var() function filters a variable with the specified filter. There are two types of filters:
- Validate filters
- Sanitize filters
Syntax
filter_var(var, filtername, options)
- var: Required. The variable to filter
- filtername: Optional. Specifies the ID or name of the filter to use. Default is FILTER_DEFAULT, which results in no filtering
- options: Optional. Specifies one or more flags to use. Check each filter for possible options and flags
1. Validate Filters
FILTER_VALIDATE_BOOLEAN
It returns TRUE for "1", "true", "on" and "yes". Returns FALSE otherwise.
FILTER_VALIDATE_EMAIL
It validates whether the value is a valid e-mail address.
FILTER_VALIDATE_FLOAT
It validates value as float, and converts to float on success.
FILTER_VALIDATE_INT
It validates value as integer, optionally from the specified range, and converts to int on success.
FILTER_VALIDATE_IP
It validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges.
FILTER_VALIDATE_MAC
It validates value as MAC address.
FILTER_VALIDATE_REGEXP
It validates value against regexp, a Perl-compatible regular expression.
FILTER_VALIDATE_URL
It validates value as URL, optionally with required components.
2. Sanitize Filters
FILTER_SANITIZE_EMAIL
It removes all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].
FILTER_SANITIZE_ENCODED
URL-encode string, optionally strip or encode special characters.
FILTER_SANITIZE_MAGIC_QUOTES
Apply addslashes()
FILTER_SANITIZE_NUMBER_FLOAT
It removes all characters except digits, +- and optionally .,eE.
FILTER_SANITIZE_NUMBER_INT
It removes all characters except digits and the plus and minus signs.
FILTER_SANITIZE_SPECIAL_CHARS
HTML-escape '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters.
FILTER_SANITIZE_FULL_SPECIAL_CHARS
Equivalent to calling htmlspecialchars() with ENT_QUOTES set.
FILTER_SANITIZE_STRING
It strips tags, optionally stripping or encoding special characters.
FILTER_SANITIZE_URL
It removes all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.
3. Filter Flags
FILTER_FLAG_STRIP_LOW
It strips characters that have a numerical value <32.
FILTER_FLAG_STRIP_HIGH
It strips characters that have a numerical value >127. In almost every encoding, these represent non-ASCII characters.
FILTER_FLAG_STRIP_BACKTICK
It strips backtick characters.
FILTER_FLAG_ALLOW_FRACTION
Allows a period (.) as a fractional separator in numbers.
FILTER_FLAG_ALLOW_THOUSAND
Allows a comma (,) as a thousands separator in numbers.
FILTER_FLAG_ALLOW_SCIENTIFIC
Allows an e or E for scientific notation in numbers.
FILTER_FLAG_NO_ENCODE_QUOTES
If this flag is present, single (') and double (") quotes will not be encoded.
FILTER_FLAG_ENCODE_LOW
It encodes all characters with a numerical value <32.
FILTER_FLAG_ENCODE_HIGH
It encodes all characters with a numerical value >127.
FILTER_FLAG_ENCODE_AMP
It encodes ampersands (&).
FILTER_NULL_ON_FAILURE
It returns NULL for unrecognized boolean values.
FILTER_FLAG_ALLOW_OCTAL
Regards inputs starting with a zero (0) as octal numbers. This only allows the succeeding digits to be 0-7.
FILTER_FLAG_ALLOW_HEX
Regards inputs starting with 0x or 0X as hexadecimal numbers. This only allows succeeding characters to be a-fA-F0-9.
FILTER_FLAG_EMAIL_UNICODE
It allows the local part of the email address to contain Unicode characters.
FILTER_FLAG_IPV4
It allows the IP address to be in IPv4 format.
FILTER_FLAG_IPV6
It allows the IP address to be in IPv6 format.
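The following is an added example, not code from the original page. It shows validate filters, a sanitize filter and flags working together on one request. The field names and sample values are constructed for illustration. FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE are standard PHP constants that are not listed above; they are the flags that implement the "not from private or reserved ranges" option of FILTER_VALIDATE_IP.

```php
<?php
declare(strict_types=1);

// Constructed sample input standing in for $_POST; field names are hypothetical.
$request = [
    'age'     => '0',
    'opt_in'  => 'maybe',
    'ip'      => '10.0.0.5',
    'email'   => 'alice@example.com',
    'comment' => '<b>hi</b> & "bye"',
];

function validateRequest(array $in): array
{
    $clean = [];
    $errors = [];

    // Validate filters return the converted value, or false on failure.
    // Compare with === false: a valid "0" converts to int 0, which is falsy.
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 130]]);
    if ($age === false) { $errors[] = 'age'; } else { $clean['age'] = $age; }

    // FILTER_NULL_ON_FAILURE separates an unrecognized value (null) from a real "no" (false).
    $optIn = filter_var($in['opt_in'] ?? '', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    if ($optIn === null) { $errors[] = 'opt_in'; } else { $clean['opt_in'] = $optIn; }

    // Flags combine with |. Here: IPv4 only, and not from private or reserved ranges.
    $ip = filter_var($in['ip'] ?? '', FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    if ($ip === false) { $errors[] = 'ip'; } else { $clean['ip'] = $ip; }

    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) { $errors[] = 'email'; } else { $clean['email'] = $email; }

    // Sanitize filters modify the string instead of rejecting it.
    // Escape free text for HTML output rather than trying to validate it.
    $clean['comment_html'] = filter_var($in['comment'] ?? '', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

    return ['clean' => $clean, 'errors' => $errors];
}

var_export(validateRequest($request));
```

A loose check such as `if (!$age)` would reject the valid age 0, which is why every validate result above is compared with `===`.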