Code has been added to clipboard!

Learn to Use PHP Filter: Functions to up Your Security Level

Reading time 3 min
Published Aug 8, 2017
Updated Oct 15, 2019

We might have already discussed PHP filters once or twice. Using them is important for the safety of the website or application you are creating.

We prepared a clear list of PHP filter functions and predefined constants that you can quickly refer to. If suddenly you need to PHP validate strings, encode special characters or perform other filtering duties, we are here for your every need.

PHP Filter: Main Tips

  • PHP filters are used to sort, validate and otherwise filter data using PHP script.
  • Since the PHP version 5.2.0, the filter functions are available by default, so they don't have to be installed.
  • filter_var in PHP might be considered one of the most valuable functions.

Options for Runtime Configuration

Always remember that the work of these functions is affected by the settings located in php.ini:

Name Description Default value Changeable
filter.default Filter every $_POST, $_GET, $_REQUEST, $_COOKIE, and $_SERVER piece of data using this filter. This setting accepts the name of the particular filter you would like to use. You can see the PHP filters listed below. "unsafe_raw" PHP_INI_PERDIR
filter.default_flags Set the default flags that are applied whenever the default PHP filter is set. For backward compatibility reasons, this setting is, by default, set to FILTER_FLAG_NO_ENCODE_QUOTES. NULL PHP_INI_PERDIR

List of Functions to Apply

In the table below, you can see a list of useful functions that can be used with PHP filters. They are valid in PHP 5.2 and all newer versions:

Function Description
filter_has_var() Check whether variable of a specified input type exists or not
filter_id() Return filter ID of specified filter name
filter_input() Get external variable (e.g. from form field input) then optionally filter
filter_input_array() Get external variables (e.g. from form field input) then optionally filter
filter_list() Return list of all supported filters
filter_var_array() Get multiple variables and filter them
filter_var() Filter variable with a specified filter

Relevant Predefined Constants

Take a look at these predefined constants. You may find them useful when performing PHP filtering as well:

Constant ID Description
FILTER_VALIDATE_BOOLEAN 258 Validate boolean
FILTER_VALIDATE_EMAIL 274 Validate e-mail address
FILTER_VALIDATE_FLOAT 259 Validate float
FILTER_VALIDATE_INT 257 Validate integer
FILTER_VALIDATE_IP 275 Validate IP address
FILTER_VALIDATE_REGEXP 272 Validate regular expression
FILTER_VALIDATE_URL 273 Validate URL
FILTER_SANITIZE_EMAIL 517 Remove every illegal character from e-mail address
FILTER_SANITIZE_ENCODED 514 Remove/Encode special characters
FILTER_SANITIZE_MAGIC_QUOTES 521 Apply addslashes() function
FILTER_SANITIZE_NUMBER_FLOAT 520 Remove every character, except for digits, +- and optionally .,eE
FILTER_SANITIZE_NUMBER_INT 519 Remove all characters except for digits and + -
FILTER_SANITIZE_SPECIAL_CHARS 515 Remove special characters
FILTER_SANITIZE_FULL_SPECIAL_CHARS 515 Rejects strings that have sequences of bytes that make invalid characters. Results in 0 length string
FILTER_SANITIZE_STRING 513 Remove tags/special characters from string
FILTER_SANITIZE_STRIPPED 513 Alias of FILTER_SANITIZE_STRING filter
FILTER_SANITIZE_URL 518 Remove every illegal character from a URL
FILTER_UNSAFE_RAW 516 Optionally strip/encode special characters
FILTER_CALLBACK 1024 Call user-defined function to filter data

PHP Filter: Summary

  • PHP filtering is useful for coders who need to handle (in most cases, validate and sort) the data.
  • Inbuilt PHP filters have been introduced with version 5.2. If you're using this version or a newer one, there's no need to install these functions separately.
  • Coders use filter_var in PHP codes very often for its flexibility.
Tutorial
Introduction
Installation
Syntax
Variable
Superglobals
Data Types
String
Array
Multidimensional Array
Sort Array
Constant
Operators
Cookies
Sessions
DateTime
Error Handling
Exception Handling
File
Write and Create File
File Open, Read and Close
File Upload
Filtering
Redirecting
Advanced Filters
Forms
Form Required Field
Validate Email/URL
Form Validation
Form Action
Function
Prepared Statements
JSON
Calendar
ZIP File
FTP
HTTP Response
DateTime Functions
Error Functions
File Function
Filter
Math Functions
Mail Function
Miscellaneous Functions
Date Format
String Functions
Array Functions
Directory Functions
MySQL Database
MySQL Connection
MySQL Create Database
MySQL Create Table
MySQL Delete Data
MySQL Insert Data
MySQL Get Last Record ID
MySQL Insert Multiple Records
MySQL Select Data
MySQL Limit Data
MySQL Update Data
MySQLi Functions
AJAX and MySQL
AJAX Search
AJAX Poll
RSS Reader
Read XML File in PHP
XML Parser
SimpleXML Parser
SimpleXML: Node and Attribute
Expat XML Parser
DOMDocument
Libxml Functions
SimpleXML Functions
XML Parsing Functions
PHP isset
PHP echo and print
PHP if else and elseif
PHP switch case
PHP include File
PHP while Loop
PHP for and foreach
PHP mail()
PHP explode()
PHP substr()
PHP str_replace()
PHP array_push
PHP count()