The PHP filters are used to sanitize and validate data coming from insecure roots, like user input.


Validate filters

filters for validation

IDDescription
FILTER_VALIDATE_BOOLEANReturns true for "1", "true", "on" and "yes". Returns false otherwise.
FILTER_VALIDATE_DOMAINValidates whether the domain name label lengths are valid.
FILTER_VALIDATE_EMAILValidates whether the value is a valid e-mail address.
FILTER_VALIDATE_FLOATValidates value as float, optionally from the specified range, and converts to float on success.
FILTER_VALIDATE_INTValidates value as integer, optionally from the specified range, and converts to int on success.
FILTER_VALIDATE_IPValidates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges.
FILTER_VALIDATE_REGEXPvalidates value against  regular expression.
FILTER_VALIDATE_URLValidates URL


Sanitize filters

The sanitize filters are used to sanitize or clean the user inputs.

IDDescription
FILTER_SANITIZE_EMAILRemove all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].
FILTER_SANITIZE_ENCODEDURL-encode string, optionally strip or encode special characters.
FILTER_SANITIZE_MAGIC_QUOTESApply addslashes().
FILTER_SANITIZE_NUMBER_FLOATRemove all characters except digits, +- and optionally .,eE
FILTER_SANITIZE_NUMBER_INTRemove all characters except digits, plus and minus sign.
FILTER_SANITIZE_SPECIAL_CHARSHTML-escape '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters.
FILTER_SANITIZE_FULL_SPECIAL_CHARSEquivalent to calling htmlspecialchars() with ENT_QUOTES set. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars(), this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0.