    Sanitize filters

    List of filters for sanitization

    FILTER_SANITIZE_EMAIL
      Name: "email"
      Flags: (none)
      Description: Remove all characters except letters, digits and
      !#$%&'*+-=?^_`{|}~@.[].

    FILTER_SANITIZE_ENCODED
      Name: "encoded"
      Flags: FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH,
      FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW,
      FILTER_FLAG_ENCODE_HIGH
      Description: URL-encode string, optionally strip or encode special
      characters.

    FILTER_SANITIZE_MAGIC_QUOTES
      Name: "magic_quotes"
      Flags: (none)
      Description: Apply addslashes().

    FILTER_SANITIZE_NUMBER_FLOAT
      Name: "number_float"
      Flags: FILTER_FLAG_ALLOW_FRACTION, FILTER_FLAG_ALLOW_THOUSAND,
      FILTER_FLAG_ALLOW_SCIENTIFIC
      Description: Remove all characters except digits, +- and optionally
      .,eE.

    FILTER_SANITIZE_NUMBER_INT
      Name: "number_int"
      Flags: (none)
      Description: Remove all characters except digits, plus and minus sign.

    FILTER_SANITIZE_SPECIAL_CHARS
      Name: "special_chars"
      Flags: FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH,
      FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_HIGH
      Description: HTML-escape '"<>& and characters with ASCII value less
      than 32, optionally strip or encode other special characters.

    FILTER_SANITIZE_FULL_SPECIAL_CHARS
      Name: "full_special_chars"
      Flags: FILTER_FLAG_NO_ENCODE_QUOTES
      Description: Equivalent to calling htmlspecialchars() with ENT_QUOTES
      set. Encoding quotes can be disabled by setting
      FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars(), this filter is
      aware of the default_charset and if a sequence of bytes is detected
      that makes up an invalid character in the current character set
      then the entire string is rejected resulting in a 0-length string.
      When using this filter as a default filter, see the warning below
      about setting the default flags to 0.

    FILTER_SANITIZE_STRING
      Name: "string"
      Flags: FILTER_FLAG_NO_ENCODE_QUOTES, FILTER_FLAG_STRIP_LOW,
      FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK,
      FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH,
      FILTER_FLAG_ENCODE_AMP
      Description: Strip tags, optionally strip or encode special characters.

    FILTER_SANITIZE_STRIPPED
      Name: "stripped"
      Flags: (none)
      Description: Alias of "string" filter.

    FILTER_SANITIZE_URL
      Name: "url"
      Flags: (none)
      Description: Remove all characters except letters, digits and
      $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.

    FILTER_UNSAFE_RAW
      Name: "unsafe_raw"
      Flags: FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH,
      FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW,
      FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP
      Description: Do nothing, optionally strip or encode special
      characters. This filter is also aliased to FILTER_DEFAULT.

    Warning

    When using one of these filters as a default filter, either through
    your ini file or through your web server's configuration, the default
    flags are set to FILTER_FLAG_NO_ENCODE_QUOTES. You need to explicitly
    set filter.default_flags to 0 to have quotes encoded by default, like
    this:

    Example #1 Configuring the default filter to act like
    htmlspecialchars

    filter.default = full_special_chars
    filter.default_flags = 0
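
The difference the warning describes, shown with filter_var() as an added example (not part of the original page). The sample input and the helpers isAttributeSafe() and defaultFilterEncodesQuotes() are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input with both quote styles and markup characters.
$input = "Tom \"T\" O'Neil <tom@example.com> & co";

// What filter.default = full_special_chars does when filter.default_flags
// is left unset: FILTER_FLAG_NO_ENCODE_QUOTES is applied, quotes stay raw.
$unsetFlags = filter_var($input, FILTER_SANITIZE_FULL_SPECIAL_CHARS,
    FILTER_FLAG_NO_ENCODE_QUOTES);

// What Example #1 (filter.default_flags = 0) does: quotes are encoded too.
$zeroFlags = filter_var($input, FILTER_SANITIZE_FULL_SPECIAL_CHARS, 0);

// Hypothetical helper: true if the value can sit inside a quoted HTML
// attribute without a raw quote or angle bracket ending it early.
function isAttributeSafe(string $value): bool
{
    return strpbrk($value, "\"'<>") === false;
}

// Hypothetical deployment check: true only when the running configuration
// matches Example #1, i.e. full_special_chars with flags explicitly set
// and the FILTER_FLAG_NO_ENCODE_QUOTES bit cleared.
function defaultFilterEncodesQuotes(): bool
{
    $flags = ini_get('filter.default_flags');
    return ini_get('filter.default') === 'full_special_chars'
        && $flags !== false && $flags !== ''
        && ((int) $flags & FILTER_FLAG_NO_ENCODE_QUOTES) === 0;
}

foreach (['flags unset' => $unsetFlags, 'flags = 0' => $zeroFlags] as $label => $out) {
    printf("%-12s %s\n  attribute-safe: %s\n", $label, $out,
        var_export(isAttributeSafe($out), true));
}
printf("running config encodes quotes by default: %s\n",
    var_export(defaultFilterEncodesQuotes(), true));
```

Both calls escape <, > and &; only the second also escapes the single and double quotes, which is what matters when the value is written into a quoted attribute.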

    Changelog

    Version: 5.2.11/5.3.1
    Description: Slashes (/) are removed by FILTER_SANITIZE_EMAIL.
    Previously they were retained.