Zend PHP 5 Certification Study Guide (2014)
Appendix B: Filter Extension Filters and Flags
The filter extension defines 3 types of filters: validation, sanitization, and callback. Additionally, there are a number of flags that change the way these filters are applied.
Validation Filters

| Constant | Name | Options | Flags | Description |
|---|---|---|---|---|
| FILTER_VALIDATE_BOOLEAN | boolean | default | FILTER_NULL_ON_FAILURE | Validates value as being boolean-like. Returns true for all truthy values: 1, true, on and yes. Returns false otherwise. If the option FILTER_NULL_ON_FAILURE is used, false is returned only for falsey values: 0, false, off, no, and ''. A non-boolean value returns null. |
| FILTER_VALIDATE_EMAIL | validate_email | default | | Validates value as an e-mail. |
| FILTER_VALIDATE_FLOAT | float | default, decimal | FILTER_FLAG_ALLOW_THOUSAND | Validates value as floating point number. |
| FILTER_VALIDATE_INT | int | default, min_range, max_range | FILTER_FLAG_ALLOW_OCTAL, FILTER_FLAG_ALLOW_HEX | Validates value as integer number, optionally from the specified range. Defaults to allowing only decimal numbers, but may optionally allow octal and hex numbers. |
| FILTER_VALIDATE_IP | validate_ip | default | FILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE | Validates value as IP address, optionally only IPv4 or IPv6, and can disallow private or reserved ranges. |
| FILTER_VALIDATE_REGEXP | validate_regexp | default, regexp | | Validates value against a specified regexp, a Perl-compatible regular expression (PCRE). |
| FILTER_VALIDATE_URL | validate_url | default | FILTER_FLAG_PATH_REQUIRED, FILTER_FLAG_QUERY_REQUIRED | Validates value as a URL (according to RFC 2396), optionally requiring a path or query string. |

Sanitization Filters

| Constant | Name | Flags | Description |
|---|---|---|---|
| FILTER_SANITIZE_EMAIL | | | Remove all characters except letters, digits and the special characters: !#$%&'*+-/=?^_`{\|}~@.[]. |
| FILTER_SANITIZE_ENCODED | encoded | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH | URL-encode string, optionally strip or encode special characters. |
| FILTER_SANITIZE_MAGIC_QUOTES | magic_quotes | | Apply addslashes(). |
| FILTER_SANITIZE_NUMBER_FLOAT | number_float | FILTER_FLAG_ALLOW_FRACTION, FILTER_FLAG_ALLOW_THOUSAND, FILTER_FLAG_ALLOW_SCIENTIFIC | Remove all characters except digits, plus and minus sign and optionally .,eE. |
| FILTER_SANITIZE_NUMBER_INT | number_int | | Remove all characters except digits, plus and minus sign. |
| FILTER_SANITIZE_SPECIAL_CHARS | special_chars | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_HIGH | HTML-escape '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters. |
| FILTER_SANITIZE_FULL_SPECIAL_CHARS | full_special_chars | FILTER_FLAG_NO_ENCODE_QUOTES | The same as calling htmlspecialchars() with ENT_QUOTES set. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Uses the default_charset INI setting. If a sequence of bytes is detected that makes up an invalid character in the current character set, then the entire string is rejected, resulting in a 0-length string. |
| FILTER_SANITIZE_STRING | string | FILTER_FLAG_NO_ENCODE_QUOTES, FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP | Strip tags, optionally strip or encode special characters. |
| FILTER_SANITIZE_STRIPPED | stripped | | Alias of FILTER_SANITIZE_STRING. |
| FILTER_SANITIZE_URL | url | | Remove all characters except letters, digits and $-_.+!*'(),{}\|\\^~[]\<>#%";/?:@&=`. |
| FILTER_UNSAFE_RAW | unsafe_raw | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP | Do nothing, optionally strip or encode special characters. Used to access original data when using a default filter. |

Flags

| Constant | Used with | Description |
|---|---|---|
| FILTER_FLAG_STRIP_LOW | FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW | Strips characters with a numerical value < 32. |
| FILTER_FLAG_STRIP_HIGH | FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW | Strips characters with a numerical value > 127. |
| FILTER_FLAG_ALLOW_FRACTION | FILTER_SANITIZE_NUMBER_FLOAT | Allows a period (.) as a fractional separator in numbers. |
| FILTER_FLAG_ALLOW_THOUSAND | FILTER_SANITIZE_NUMBER_FLOAT, FILTER_VALIDATE_FLOAT | Allows a comma (,) as a thousands separator in numbers. |
| FILTER_FLAG_ALLOW_SCIENTIFIC | FILTER_SANITIZE_NUMBER_FLOAT | Allows an e or E for scientific notation in numbers. |
| FILTER_FLAG_NO_ENCODE_QUOTES | FILTER_SANITIZE_STRING | Do not encode single (') or double (") quotes. |
| FILTER_FLAG_ENCODE_LOW | FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW | Encodes all characters with a numerical value < 32. |
| FILTER_FLAG_ENCODE_HIGH | FILTER_SANITIZE_ENCODED, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW | Encodes all characters with a numerical value > 127. |
| FILTER_FLAG_ENCODE_AMP | FILTER_SANITIZE_STRING, FILTER_UNSAFE_RAW | Encodes ampersands (&). |
| FILTER_NULL_ON_FAILURE | FILTER_VALIDATE_BOOLEAN | Returns null for unrecognized boolean values. |
| FILTER_FLAG_ALLOW_OCTAL | FILTER_VALIDATE_INT | Allows inputs starting with a zero (0) as octal numbers. This only allows the succeeding digits to be 0-7. |
| FILTER_FLAG_ALLOW_HEX | FILTER_VALIDATE_INT | Allows inputs starting with 0x or 0X as hexadecimal numbers. This only allows succeeding characters to be a-fA-F0-9. |
| FILTER_FLAG_IPV4 | FILTER_VALIDATE_IP | Allows IPv4 addresses. |
| FILTER_FLAG_IPV6 | FILTER_VALIDATE_IP | Allows IPv6 addresses. |
| FILTER_FLAG_NO_PRIV_RANGE | FILTER_VALIDATE_IP | Disallows the following private IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. Disallows IPv6 addresses starting with FD or FC. |
| FILTER_FLAG_NO_RES_RANGE | FILTER_VALIDATE_IP | Disallows the following reserved IPv4 ranges: 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, and 224.0.0.0/4. This flag does not apply to IPv6 addresses. |
| FILTER_FLAG_PATH_REQUIRED | FILTER_VALIDATE_URL | Requires that the URL contains a path part. |
| FILTER_FLAG_QUERY_REQUIRED | FILTER_VALIDATE_URL | Requires that the URL contains a query string. |
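
The following is an added example, not code from the study guide, showing how the validation filters, options and flags listed above combine in `filter_var()` when checking untrusted input. The function names `parseBool`, `parsePort` and `parsePublicIpv4` are hypothetical, and every sample input is constructed.

```php
<?php
// Added example: helper names are hypothetical, sample inputs are constructed.

// FILTER_VALIDATE_BOOLEAN: without FILTER_NULL_ON_FAILURE an unrecognized
// value and an explicit "no" both come back as false. With the flag, the
// unrecognized value comes back as null and can be rejected separately.
function parseBool($raw)
{
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}

// FILTER_VALIDATE_INT: min_range/max_range are passed under 'options',
// flags under 'flags'. FILTER_FLAG_ALLOW_HEX additionally accepts 0x... input.
function parsePort($raw, $allowHex = false)
{
    return filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 65535],
        'flags'   => $allowHex ? FILTER_FLAG_ALLOW_HEX : 0,
    ]);
}

// FILTER_VALIDATE_IP: flags are OR-ed together. This accepts IPv4 only and
// refuses the private and reserved ranges listed in the flags table.
function parsePublicIpv4($raw)
{
    return filter_var(
        $raw,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
}

// Constructed inputs: 10.1.2.3 lies in 10.0.0.0/8 (private) and
// 169.254.169.254 lies in 169.254.0.0/16 (reserved).
$samples = [
    'parseBool'       => ['yes', 'off', 'maybe'],
    'parsePort'       => ['443', '70000', '0x1F'],
    'parsePublicIpv4' => ['8.8.8.8', '10.1.2.3', '169.254.169.254', '::1'],
];

foreach ($samples as $fn => $inputs) {
    foreach ($inputs as $raw) {
        // Compare results with === : false, null and 0 are distinct outcomes.
        printf("%s(%s) => %s\n", $fn, var_export($raw, true),
            var_export($fn($raw), true));
    }
}
```

Validation filters return the converted value on success, so callers should test the result with a strict comparison (`=== false` or `=== null`) rather than truthiness.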