Filter/filters-Phpdoc专题

Types of filters

Validate filters

**Listing of filters for validation**
ID	Name	Options	Flags	Description
`FILTER_VALIDATE_BOOLEAN`	"boolean"	`default`	`FILTER_NULL_ON_FAILURE`	Returns `true` for "1", "true", "on" and "yes". Returns `false` otherwise. If `FILTER_NULL_ON_FAILURE` is set, `false` is returned only for "0", "false", "off", "no", and "", and `null` is returned for all non-boolean values.
`FILTER_VALIDATE_DOMAIN`	"validate_domain"	`default`	`FILTER_FLAG_HOSTNAME`	Validates whether the domain name label lengths are valid. Validates domain names against RFC 1034, RFC 1035, RFC 952, RFC 1123, RFC 2732, RFC 2181, and RFC 1123. Optional flag `FILTER_FLAG_HOSTNAME` adds ability to specifically validate hostnames (they must start with an alphanumeric character and contain only alphanumerics or hyphens).
`FILTER_VALIDATE_EMAIL`	"validate_email"	`default`	`FILTER_FLAG_EMAIL_UNICODE`	Validates whether the value is a valid e-mail address. In general, this validates e-mail addresses against the syntax in RFC 822, with the exceptions that comments and whitespace folding and dotless domain names are not supported.
`FILTER_VALIDATE_FLOAT`	"float"	`default`, `decimal`, `min_range`, `max_range`	`FILTER_FLAG_ALLOW_THOUSAND`	Validates value as float, optionally from the specified range, and converts to float on success.
`FILTER_VALIDATE_INT`	"int"	`default`, `min_range`, `max_range`	`FILTER_FLAG_ALLOW_OCTAL`, `FILTER_FLAG_ALLOW_HEX`	Validates value as integer, optionally from the specified range, and converts to int on success.
`FILTER_VALIDATE_IP`	"validate_ip"	`default`	`FILTER_FLAG_IPV4`, `FILTER_FLAG_IPV6`, `FILTER_FLAG_NO_PRIV_RANGE`, `FILTER_FLAG_NO_RES_RANGE`	Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges.
`FILTER_VALIDATE_MAC`	"validate_mac_address"	`default`		Validates value as MAC address.
`FILTER_VALIDATE_REGEXP`	"validate_regexp"	`default`, `regexp`		Validates value against `regexp`, a Perl-compatible regular expression.
`FILTER_VALIDATE_URL`	"validate_url"	`default`	`FILTER_FLAG_SCHEME_REQUIRED`, `FILTER_FLAG_HOST_REQUIRED`, `FILTER_FLAG_PATH_REQUIRED`, `FILTER_FLAG_QUERY_REQUIRED`	Validates value as URL (according to » http://www.faqs.org/rfcs/rfc2396), optionally with required components. Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, e.g. ssh:// or mailto:. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail.

Note:

As of PHP 5.4.11, the numbers +0 and -0 validate as both integers as well as floats (using FILTER_VALIDATE_FLOAT and FILTER_VALIDATE_INT). Before PHP 5.4.11 they only validated as floats (using FILTER_VALIDATE_FLOAT).

When default is set to option, default's value is used if value is not validated.

版本	说明
7.4.0	Added `min_range` and `max_range` options for `FILTER_VALIDATE_FLOAT`.
7.0.0	Added `FILTER_FLAG_HOSTNAME`
5.5.0	Added `FILTER_VALIDATE_MAC`
5.2.1	`FILTER_VALIDATE_URL` now implicitly uses `FILTER_FLAG_SCHEME_REQUIRED` and `FILTER_FLAG_HOST_REQUIRED`.

Sanitize filters

ID	Name	Flags	Description
`FILTER_SANITIZE_EMAIL`	"email"		Remove all characters except letters, digits and !#$%&'+-=?^_`{\|}~@.[]*.
`FILTER_SANITIZE_ENCODED`	"encoded"	`FILTER_FLAG_STRIP_LOW`, `FILTER_FLAG_STRIP_HIGH`, `FILTER_FLAG_STRIP_BACKTICK`, `FILTER_FLAG_ENCODE_LOW`, `FILTER_FLAG_ENCODE_HIGH`	URL-encode string, optionally strip or encode special characters.
`FILTER_SANITIZE_MAGIC_QUOTES`	"magic_quotes"		Apply addslashes.
`FILTER_SANITIZE_NUMBER_FLOAT`	"number_float"	`FILTER_FLAG_ALLOW_FRACTION`, `FILTER_FLAG_ALLOW_THOUSAND`, `FILTER_FLAG_ALLOW_SCIENTIFIC`	Remove all characters except digits, +- and optionally .,eE.
`FILTER_SANITIZE_NUMBER_INT`	"number_int"		Remove all characters except digits, plus and minus sign.
`FILTER_SANITIZE_SPECIAL_CHARS`	"special_chars"	`FILTER_FLAG_STRIP_LOW`, `FILTER_FLAG_STRIP_HIGH`, `FILTER_FLAG_STRIP_BACKTICK`, `FILTER_FLAG_ENCODE_HIGH`	HTML-escape '"\<>& and characters with ASCII value less than 32, optionally strip or encode other special characters.
`FILTER_SANITIZE_FULL_SPECIAL_CHARS`	"full_special_chars"	`FILTER_FLAG_NO_ENCODE_QUOTES`,	Equivalent to calling htmlspecialchars with `ENT_QUOTES` set. Encoding quotes can be disabled by setting `FILTER_FLAG_NO_ENCODE_QUOTES`. Like htmlspecialchars, this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0.
`FILTER_SANITIZE_STRING`	"string"	`FILTER_FLAG_NO_ENCODE_QUOTES`, `FILTER_FLAG_STRIP_LOW`, `FILTER_FLAG_STRIP_HIGH`, `FILTER_FLAG_STRIP_BACKTICK`, `FILTER_FLAG_ENCODE_LOW`, `FILTER_FLAG_ENCODE_HIGH`, `FILTER_FLAG_ENCODE_AMP`	Strip tags, optionally strip or encode special characters.
`FILTER_SANITIZE_STRIPPED`	"stripped"		Alias of "string" filter.
`FILTER_SANITIZE_URL`	"url"		Remove all characters except letters, digits and $-_.+!'(),{}\|\\^~[]`\<>#%";/?:@&=*.
`FILTER_UNSAFE_RAW`	"unsafe_raw"	`FILTER_FLAG_STRIP_LOW`, `FILTER_FLAG_STRIP_HIGH`, `FILTER_FLAG_STRIP_BACKTICK`, `FILTER_FLAG_ENCODE_LOW`, `FILTER_FLAG_ENCODE_HIGH`, `FILTER_FLAG_ENCODE_AMP`	Do nothing, optionally strip or encode special characters. This filter is also aliased to `FILTER_DEFAULT`.

Warning

When using one of these filters as a default filter either through your ini file or through your web server's configuration, the default flags is set to FILTER_FLAG_NO_ENCODE_QUOTES. You need to explicitly set filter.default_flags to 0 to have quotes encoded by default. Like this:

示例 #1 Configuring the default filter to act like htmlspecialchars

filter.default = full_special_chars
filter.default_flags = 0

版本	说明
5.2.11/5.3.1	Slashes (/) are removed by `FILTER_SANITIZE_EMAIL`. Prior they were retained.

Other filters

ID	Name	Options	Flags	Description
`FILTER_CALLBACK`	"callback"	callable function or method	All flags are ignored	Call user-defined function to filter data.

Filter flags

**List of filter flags**
ID	Used with	Description
`FILTER_FLAG_STRIP_LOW`	`FILTER_SANITIZE_ENCODED`, `FILTER_SANITIZE_SPECIAL_CHARS`, `FILTER_SANITIZE_STRING`, `FILTER_UNSAFE_RAW`	Strips characters that have a numerical value <32.
`FILTER_FLAG_STRIP_HIGH`	`FILTER_SANITIZE_ENCODED`, `FILTER_SANITIZE_SPECIAL_CHARS`, `FILTER_SANITIZE_STRING`, `FILTER_UNSAFE_RAW`	Strips characters that have a numerical value >127.
`FILTER_FLAG_STRIP_BACKTICK`	`FILTER_SANITIZE_ENCODED`, `FILTER_SANITIZE_SPECIAL_CHARS`, `FILTER_SANITIZE_STRING`, `FILTER_UNSAFE_RAW`	Strips backtick characters.
`FILTER_FLAG_ALLOW_FRACTION`	`FILTER_SANITIZE_NUMBER_FLOAT`	Allows a period (.) as a fractional separator in numbers.
`FILTER_FLAG_ALLOW_THOUSAND`	`FILTER_SANITIZE_NUMBER_FLOAT`, `FILTER_VALIDATE_FLOAT`	Allows a comma (,) as a thousands separator in numbers.
`FILTER_FLAG_ALLOW_SCIENTIFIC`	`FILTER_SANITIZE_NUMBER_FLOAT`	Allows an e or E for scientific notation in numbers.
`FILTER_FLAG_NO_ENCODE_QUOTES`	`FILTER_SANITIZE_STRING`	If this flag is present, single (') and double (") quotes will not be encoded.
`FILTER_FLAG_ENCODE_LOW`	`FILTER_SANITIZE_ENCODED`, `FILTER_SANITIZE_STRING`, `FILTER_SANITIZE_RAW`	Encodes all characters with a numerical value <32.
`FILTER_FLAG_ENCODE_HIGH`	`FILTER_SANITIZE_ENCODED`, `FILTER_SANITIZE_SPECIAL_CHARS`, `FILTER_SANITIZE_STRING`, `FILTER_SANITIZE_RAW`	Encodes all characters with a numerical value >127.
`FILTER_FLAG_ENCODE_AMP`	`FILTER_SANITIZE_STRING`, `FILTER_SANITIZE_RAW`	Encodes ampersands (&).
`FILTER_NULL_ON_FAILURE`	`FILTER_VALIDATE_BOOLEAN`	Returns `null` for unrecognized boolean values.
`FILTER_FLAG_ALLOW_OCTAL`	`FILTER_VALIDATE_INT`	Regards inputs starting with a zero (0) as octal numbers. This only allows the succeeding digits to be 0-7.
`FILTER_FLAG_ALLOW_HEX`	`FILTER_VALIDATE_INT`	Regards inputs starting with 0x or 0X as hexadecimal numbers. This only allows succeeding characters to be a-fA-F0-9.
`FILTER_FLAG_EMAIL_UNICODE`	`FILTER_VALIDATE_EMAIL`	Allows the local part of the email address to contain Unicode characters.
`FILTER_FLAG_IPV4`	`FILTER_VALIDATE_IP`	Allows the IP address to be in IPv4 format.
`FILTER_FLAG_IPV6`	`FILTER_VALIDATE_IP`	Allows the IP address to be in IPv6 format.
`FILTER_FLAG_NO_PRIV_RANGE`	`FILTER_VALIDATE_IP`	Fails validation for the following private IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. Fails validation for the IPv6 addresses starting with FD or FC.
`FILTER_FLAG_NO_RES_RANGE`	`FILTER_VALIDATE_IP`	Fails validation for the following reserved IPv4 ranges: 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8 and 240.0.0.0/4. Fails validation for the following reserved IPv6 ranges: ::1/128, ::/128, ::ffff:0:0/96 and fe80::/10.
`FILTER_FLAG_SCHEME_REQUIRED`	`FILTER_VALIDATE_URL`	Requires the URL to contain a scheme part.
`FILTER_FLAG_HOST_REQUIRED`	`FILTER_VALIDATE_URL`	Requires the URL to contain a host part.
`FILTER_FLAG_PATH_REQUIRED`	`FILTER_VALIDATE_URL`	Requires the URL to contain a path part.
`FILTER_FLAG_QUERY_REQUIRED`	`FILTER_VALIDATE_URL`	Requires the URL to contain a query string.
`FILTER_REQUIRE_SCALAR`		Requires the value to be scalar.
`FILTER_REQUIRE_ARRAY`		Requires the value to be an array.
`FILTER_FORCE_ARRAY`		If the value is a scalar, it is treated as array with the scalar value as only element.

版本	说明
7.3.0	The explicit usage of `FILTER_FLAG_SCHEME_REQUIRED` and `FILTER_FLAG_HOST_REQUIRED` has been deprecated.
7.1.0	`FILTER_FLAG_EMAIL_UNICODE` has been added.
5.3.2	`FILTER_FLAG_STRIP_BACKTICK` has been added.
5.2.10	`FILTER_FLAG_NO_RES_RANGE` supports also IPv6 addresses.