Попередньо визначені константи

Константи, описані нижче — визначені цим розширенням, тож доступні, коли розширення скомпільовано як частина PHP або динамічно підключене під час виконання.

INPUT_POST (int): POST variables.
INPUT_GET (int): GET variables.
INPUT_COOKIE (int): COOKIE variables.
INPUT_ENV (int): ENV variables.
INPUT_SERVER (int): SERVER variables.
INPUT_SESSION (int): SESSION variables. (Removed as of PHP 8.0.0; was not implemented previously)
INPUT_REQUEST (int): REQUEST variables. (Removed as of PHP 8.0.0; was not implemented previously)

FILTER_FLAG_NONE (int): No flags.
FILTER_REQUIRE_SCALAR (int): Flag used to require the input of the filter to be a scalar.
FILTER_REQUIRE_ARRAY (int): Flag used to require the input of the filter to be an array.
FILTER_FORCE_ARRAY (int): This flag wraps scalar inputs into a one element array for filters which operate on arrays.
FILTER_NULL_ON_FAILURE (int): Use null instead of false on failure. Usable with any validation FILTER_VALIDATE_* filter.

FILTER_FLAG_STRIP_LOW (int): Strip characters with ASCII value less than 32.
FILTER_FLAG_STRIP_HIGH (int): Strip characters with ASCII value greater than 127.
FILTER_FLAG_STRIP_BACKTICK (int): Strips backtick (`) characters.
FILTER_FLAG_ENCODE_LOW (int): Encode characters with ASCII value less than 32.
FILTER_FLAG_ENCODE_HIGH (int): Encode characters with ASCII value greater than 127.
FILTER_FLAG_ENCODE_AMP (int): Encode &.
FILTER_FLAG_NO_ENCODE_QUOTES (int): Singe and double quotes (' and ") will not be encoded.
FILTER_FLAG_EMPTY_STRING_NULL (int): If sanitizing a string results in an empty string, convert the value to null

FILTER_VALIDATE_BOOL (int)

Validation Filters Returns true for "1", 1 including binary, octal and hexadecimal notations, 1.0, "true", true, "on", and "yes". Returns false for "0", 0 including binary, octal and hexadecimal notations, 0.0, "false", false, "off", "no", and "". String values are compared case-insensitively. The return value for non-boolean values depends on the FILTER_NULL_ON_FAILURE. If it is set, null is returned, otherwise false is returned.

default: Value to return in case the filter fails.

Available as of PHP 8.0.0.

FILTER_VALIDATE_BOOLEAN (int)

Псевдонім FILTER_VALIDATE_BOOL. The alias was available prior to the introduction of its canonical name in PHP 8.0.0.

FILTER_VALIDATE_INT (int)

Validates whether the value is an integer, on success it is converted to type int.

Зауваження: String values are trimmed using trim() before validation.

default: Value to return in case the filter fails.
min_range: Value is only valid if it is greater than or equal to the provided value.
max_range: Value is only valid if it is less than or equal to the provided value.

FILTER_FLAG_ALLOW_OCTAL (int): Allow integers in octal notation (0[0-7]+).
FILTER_FLAG_ALLOW_HEX (int): Allow integers in hexadecimal notation (0x[0-9a-fA-F]+).

FILTER_VALIDATE_FLOAT (int)

Validates whether the value is a float, on success it is converted to type float.

Зауваження: String values are trimmed using trim() before validation.

default: Value to return in case the filter fails.
decimal
min_range: Value is only valid if it is greater than or equal to the provided value. Available as of PHP 7.4.0.
max_range: Value is only valid if it is less than or equal to the provided value. Available as of PHP 7.4.0.

FILTER_FLAG_ALLOW_THOUSAND (int): Accept commas (,), which usually represent the thousand separator.

FILTER_VALIDATE_REGEXP (int)

Validates value against the regular expression provided by the regexp option.

default: Value to return in case the filter fails.
regexp: Perl-compatible regular expression.

FILTER_VALIDATE_URL (int)

Validates whether the URL is valid according to » RFC 2396.

default: Value to return in case the filter fails.

FILTER_FLAG_SCHEME_REQUIRED (int): Requires the URL to contain a scheme part.
Увага
DEPRECATED as of PHP 7.3.0 and REMOVED as of PHP 8.0.0. This is because it is always implied by the FILTER_VALIDATE_URL filter.
FILTER_FLAG_HOST_REQUIRED (int): Requires the URL to contain a host part.
Увага
DEPRECATED as of PHP 7.3.0 and REMOVED as of PHP 8.0.0. This is because it is always implied by the FILTER_VALIDATE_URL filter.
FILTER_FLAG_PATH_REQUIRED (int): Requires the URL to contain a path part.
FILTER_FLAG_QUERY_REQUIRED (int): Requires the URL to contain a query part.

Увага

A valid URL may not specify the HTTP protocol (http://). Therefore, further validation may be required to determine if the URL uses an expected protocol, e.g. ssh:// or mailto:.

Увага

This filter only works on ASCII URLs. This means that Internationalized Domain Names (IDN) will always be rejected.

FILTER_VALIDATE_DOMAIN (int)

Validates whether the domain name is valid according to » RFC 952, » RFC 1034, » RFC 1035, » RFC 1123, » RFC 2732, and » RFC 2181.

default: Value to return in case the filter fails.

FILTER_FLAG_HOSTNAME (int): Require hostnames to start with an alphanumeric character and contain only alphanumerics or hyphens.

FILTER_VALIDATE_EMAIL (int)

Validates whether the value is a "valid" e-mail address. The validation is performed against the addr-spec syntax in » RFC 822. However, comments, whitespace folding, and dotless domain names are not supported, and thus will be rejected.

default: Value to return in case the filter fails.

FILTER_FLAG_EMAIL_UNICODE (int): Accepts Unicode characters in the local part. Available as of PHP 7.1.0.

Увага

Email validation is complex and the only true way to confirm an email is valid and exists is to send an email to the address.

FILTER_VALIDATE_IP (int)

Validates value as IP address.

default: Value to return in case the filter fails.

FILTER_FLAG_IPV4 (int)

Optional Flags Allow IPv4 address.

FILTER_FLAG_IPV6 (int)

Allow IPv6 address.

FILTER_FLAG_NO_RES_RANGE (int)

Deny reserved addresses. These are the ranges that are marked as Reserved-By-Protocol in » RFC 6890.

Which for IPv4 corresponds to the following ranges: 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 240.0.0.0/4.

And for IPv6 corresponds to the following ranges: ::1/128, ::/128, ::FFFF:0:0/96, FE80::/10.

FILTER_FLAG_NO_PRIV_RANGE (int)

Deny private addresses.

These are IPv4 addresses which are in the following ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.

These are IPv6 addresses starting with FD or FC.

FILTER_FLAG_GLOBAL_RANGE (int)

Only allow global addresses. These can be found in » RFC 6890 where the Global attribute is True. Available as of PHP 8.2.0.

FILTER_VALIDATE_MAC (int)

Validates whether the value is a MAC address.

default: Value to return in case the filter fails.

FILTER_UNSAFE_RAW (int)

Sanitizing Filters This filter does nothing. However, it can strip or encode special characters if used together with the FILTER_FLAG_STRIP_* and FILTER_FLAG_ENCODE_* filter sanitization flags.

FILTER_DEFAULT (int)

Псевдонім FILTER_UNSAFE_RAW.

FILTER_SANITIZE_STRING (int)

This filter strips tags and HTML-encodes double and single quotes. Optionally it can strip or encode specified characters if used together with the FILTER_FLAG_STRIP_* and FILTER_FLAG_ENCODE_* filter sanitization flags. The behaviour of encoding quotes can be disabled by using the FILTER_FLAG_NO_ENCODE_QUOTES filter flag.

Увага

Deprecated as of PHP 8.1.0, use htmlspecialchars() instead.

Увага

The way this filter strips tags is not equivalent to strip_tags().

FILTER_SANITIZE_STRIPPED (int)

Псевдонім FILTER_SANITIZE_STRING.

Увага

Deprecated as of PHP 8.1.0, use htmlspecialchars() instead.

FILTER_SANITIZE_ENCODED (int)

This filter URL-encodes a string. Optionally it can strip or encode specified characters if used together with the FILTER_FLAG_STRIP_* and FILTER_FLAG_ENCODE_* filter sanitization flags.

FILTER_SANITIZE_SPECIAL_CHARS (int)

This filter HTML-encodes ', ", <, >, & and characters with an ASCII value less than 32. Unlike the FILTER_SANITIZE_FULL_SPECIAL_CHARS filter, the FILTER_SANITIZE_SPECIAL_CHARS filter ignores the FILTER_FLAG_NO_ENCODE_QUOTES flag.

Optionally it can strip specified characters if used together with the FILTER_FLAG_STRIP_* filter sanitization flags, and it can encode characters with ASCII value greater than 127 using FILTER_FLAG_ENCODE_HIGH.

FILTER_SANITIZE_FULL_SPECIAL_CHARS (int)

This filter is equivalent to calling htmlspecialchars() with ENT_QUOTES set. The behaviour of encoding quotes can be disabled by using the FILTER_FLAG_NO_ENCODE_QUOTES filter flag.

Увага

Like htmlspecialchars(), this filter is aware of the default_charset INI setting. If a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a empty string being returned.

FILTER_SANITIZE_EMAIL (int)

Sanitize the string by removing all characters except latin letters ([a-zA-Z]), digits ([0-9]), and the special characters !#$%&'*+-=?^_`{|}~@.[].

FILTER_SANITIZE_URL (int)

Sanitize the string by removing all characters except latin letters ([a-zA-Z]), digits ([0-9]), and the special characters $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.

FILTER_SANITIZE_NUMBER_INT (int)

Sanitize the string by removing all characters except digits ([0-9]), plus sign (+), and minus sign (-).

FILTER_SANITIZE_NUMBER_FLOAT (int)

Sanitize the string by removing all characters except digits ([0-9]), plus sign (+), and minus sign (-).

FILTER_FLAG_ALLOW_FRACTION (int): Accept dot (.) character, which usually represents the separator between the integer and fractional parts.
FILTER_FLAG_ALLOW_THOUSAND (int): Accept commas (,) character, which usually represents the thousand separator.
FILTER_FLAG_ALLOW_SCIENTIFIC (int): Accept numbers in scientific notation by allowing the e and E characters.

Увага

If the FILTER_FLAG_ALLOW_FRACTION flag is not used, then the decimal separator is removed, altering the value received.

<?php
$number = '12.34';

var_dump(filter_var($number, FILTER_SANITIZE_NUMBER_FLOAT));
var_dump(filter_var($number, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
?>

Поданий вище приклад виведе:

string(4) "1234"
string(5) "12.34"

FILTER_SANITIZE_ADD_SLASHES (int)

Apply addslashes() to the input. Available as of PHP 7.3.0.

FILTER_SANITIZE_MAGIC_QUOTES (int)

Псевдонім FILTER_SANITIZE_ADD_SLASHES.

Увага

DEPRECATED as of PHP 7.3.0 and REMOVED as of PHP 8.0.0.

FILTER_CALLBACK (int)

User Defined Filter This filter delegates the filtering to a user defined function. The callable is passed via the options parameter as the value associated to the 'options' key.

The callback should have the following signature:

callback(string $value): mixed

value: The value that is being filtered.

Зауваження: The value returned by the callback will be the value returned by the invoked filter function.

Приклад #1 Example of using FILTER_CALLBACK to validate a login name

<?php
function validate_login(string $value): ?string
{
    if (strlen($value) >= 5 && ctype_alnum($value)) {
        return $value;
    }
    return null;
}

$login = "val1dL0gin";
$filtered_login = filter_var($login, FILTER_CALLBACK, ['options' => 'validate_login']);
var_dump($filtered_login);

$login = "f&ke login";
$filtered_login = filter_var($login, FILTER_CALLBACK, ['options' => 'validate_login']);
var_dump($filtered_login);
?>

Поданий вище приклад виведе:

string(10) "val1dL0gin"
NULL

Увага

This filter cannot be used with any other filter flags, e.g. FILTER_NULL_ON_FAILURE.