Predefined Constants

The constants below are defined by this extension, and will only be available when the extension has either been compiled into PHP or dynamically loaded at runtime.

Input Constants

These constants are used by filter_input() and filter_input_array().

INPUT_POST (int)

POST variables.

INPUT_GET (int)

GET variables.

INPUT_COOKIE (int)

COOKIE variables.

INPUT_ENV (int)

ENV variables.

INPUT_SERVER (int)

SERVER variables.

INPUT_SESSION (int)

SESSION variables. (Removed as of PHP 8.0.0; was not implemented previously)

INPUT_REQUEST (int)

REQUEST variables. (Removed as of PHP 8.0.0; was not implemented previously)

Generic Filter Flags

FILTER_FLAG_NONE (int)

No flags.

FILTER_REQUIRE_SCALAR (int)

Flag used to require the input of the filter to be a scalar.

FILTER_REQUIRE_ARRAY (int)

Flag used to require the input of the filter to be an array.

FILTER_FORCE_ARRAY (int)

This flags wraps scalar inputs into a one element array for filters which operate on arrays.

FILTER_NULL_ON_FAILURE (int)

Use null instead of false on failure. Usable with any validation FILTER_VALIDATE_* filter.

Sanitization Filter Flags

FILTER_FLAG_STRIP_LOW (int)

Strip characters with ASCII value less than 32.

FILTER_FLAG_STRIP_HIGH (int)

Strip characters with ASCII value greater than 127.

FILTER_FLAG_STRIP_BACKTICK (int)

Strips backtick (`) characters.

FILTER_FLAG_ENCODE_LOW (int)

Encode characters with ASCII value less than 32.

FILTER_FLAG_ENCODE_HIGH (int)

Encode characters with ASCII value greater than 127.

FILTER_FLAG_ENCODE_AMP (int)

Encode &.

FILTER_FLAG_NO_ENCODE_QUOTES (int)

Singe and double quotes (' and ") will not be encoded.

FILTER_FLAG_EMPTY_STRING_NULL (int)

If sanitizing a string results in an empty string, convert the value to null

Validation Filters

FILTER_VALIDATE_BOOL (int)

Returns true for "1", "true", "on", and "yes". Returns false for "0", "false", "off", "no", and "". The return value for non-boolean values depends on the FILTER_NULL_ON_FAILURE. If it is set, null is returned, otherwise false is returned.

Available options

default

Value to return in case the filter fails.

Available as of PHP 8.0.0.

FILTER_VALIDATE_BOOLEAN (int)

Alias of FILTER_VALIDATE_BOOL. The alias was available prior to the introduction of its canonical name in PHP 8.0.0.

FILTER_VALIDATE_INT (int)

Validates whether the value is an integer, on success it is converted to type int.

Note: String values are trimmed using trim() before validation.

Available options

default

Value to return in case the filter fails.

min_range

Value is only valid if it is greater than or equal to the provided value.

max_range

Value is only valid if it is less than or equal to the provided value.

Optional Flags

FILTER_FLAG_ALLOW_OCTAL (int)

Allow integers in octal notation (0[0-7]+).

FILTER_FLAG_ALLOW_HEX (int)

Allow integers in hexadecimal notation (0x[0-9a-fA-F]+).

FILTER_VALIDATE_FLOAT (int)

Validates whether the value is a float, on success it is converted to type float.

Note: String values are trimmed using trim() before validation.

Available options

default

Value to return in case the filter fails.

decimal

min_range

Value is only valid if it is greater than or equal to the provided value. Available as of PHP 7.4.0.

max_range

Value is only valid if it is less than or equal to the provided value. Available as of PHP 7.4.0.

Optional Flags

FILTER_FLAG_ALLOW_THOUSAND (int)

Accept commas (,), which usually represent the thousand separator.

FILTER_VALIDATE_REGEXP (int)

Validates value against the regular expression provided by the regexp option.

Available options

default

Value to return in case the filter fails.

regexp

Perl-compatible regular expression.

FILTER_VALIDATE_URL (int)

Validates whether the URL name is valid according to » http://www.faqs.org/rfcs/rfc2396.

Available options

default

Value to return in case the filter fails.

Optional Flags

FILTER_FLAG_SCHEME_REQUIRED (int)

Requires the URL to contain a scheme part. (Deprecated as of PHP 7.3.0 and removed as of PHP 8.0.0, as it is implied by the filter already.)

FILTER_FLAG_HOST_REQUIRED (int)

Requires the URL to contain a host part. (Deprecated as of PHP 7.3.0 and removed as of PHP 8.0.0, as it is implied by the filter already.)

FILTER_FLAG_PATH_REQUIRED (int)

Requires the URL to contain a path part.

FILTER_FLAG_QUERY_REQUIRED (int)

Requires the URL to contain a query part.

Warning

A valid URL may not specify the HTTP protocol (http://). Therefore, further validation may be required to determine if the URL uses an expected protocol, e.g. ssh:// or mailto:.

Warning

This filter only works on ASCII URLs. This means that Internationalized Domain Names (IDN) will always be rejected.

FILTER_VALIDATE_DOMAIN (int)

Validates whether the domain name is valid according to » RFC 952, » RFC 1034, » RFC 1035, » RFC 1123, » RFC 2732, and » RFC 2181.

Available options

default

Value to return in case the filter fails.

Optional Flags

FILTER_FLAG_HOSTNAME (int)

Require hostnames to start with an alphanumeric character and contain only alphanumerics or hyphens.

FILTER_VALIDATE_EMAIL (int)

Validates whether the value is a "valid" e-mail address. The validation is performed against the addr-spec syntax in » RFC 822. However, comments, whitespace folding, and dotless domain names are not supported, and thus will be rejected.

Available options

default

Value to return in case the filter fails.

Optional Flags

FILTER_FLAG_EMAIL_UNICODE (int)

Accepts Unicode characters in the local part. Available as of PHP 7.1.0.

Warning

Email validation is complex and the only true way to confirm an email is valid and exists is to send an email to the address.

FILTER_VALIDATE_IP (int)

Validates value as IP address.

Available options

default

Value to return in case the filter fails.

Optional Flags

FILTER_FLAG_IPV4 (int)

Allow IPv4 address.

FILTER_FLAG_IPV6 (int)

Allow IPv6 address.

FILTER_FLAG_NO_RES_RANGE (int)

Deny reserved addresses. These are the ranges that are marked as Reserved-By-Protocol in » RFC 6890.

Which for IPv4 corresponds to the following ranges: 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 240.0.0.0/4.

And for IPv6 corresponds to the following ranges: ::1/128, ::/128, ::FFFF:0:0/96, FE80::/10.

FILTER_FLAG_NO_PRIV_RANGE (int)

Deny private addresses.

These are IPv4 addresses which are in the following ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.

These are IPv6 addresses starting with FD or FC.

FILTER_FLAG_GLOBAL_RANGE (int)

Only allow global addresses. These can be found in » RFC 6890 where the Global attribute is True. Available as of PHP 8.2.0.

FILTER_VALIDATE_MAC (int)

Validates whether the value is a MAC address.

Available options

default

Value to return in case the filter fails.

Sanitizing Filters

FILTER_UNSAFE_RAW (int)

ID of "unsafe_raw" filter.

FILTER_DEFAULT (int)

Alias of FILTER_UNSAFE_RAW.

FILTER_SANITIZE_STRING (int)

ID of "string" filter. (Deprecated as of PHP 8.1.0, use htmlspecialchars() instead.)

FILTER_SANITIZE_STRIPPED (int)

Alias of FILTER_SANITIZE_STRING. (Deprecated as of PHP 8.1.0, use htmlspecialchars() instead.)

FILTER_SANITIZE_ENCODED (int)

ID of "encoded" filter.

FILTER_SANITIZE_SPECIAL_CHARS (int)

ID of "special_chars" filter.

FILTER_SANITIZE_FULL_SPECIAL_CHARS (int)

ID of "full_special_chars" filter.

FILTER_SANITIZE_EMAIL (int)

Sanitize the string by remove all characters except latin letters ([a-zA-Z]), digits ([0-9]), and the special characters !#$%&'*+-=?^_`{|}~@.[].

FILTER_SANITIZE_URL (int)

Sanitize the string by remove all characters except latin letters ([a-zA-Z]), digits ([0-9]), and the special characters $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.

FILTER_SANITIZE_NUMBER_INT (int)

Sanitize the string by remove all characters except digits ([0-9]), plus sign (+), and minus sign (-).

FILTER_SANITIZE_NUMBER_FLOAT (int)

Sanitize the string by remove all characters except digits ([0-9]), plus sign (+), and minus sign (-).

Optional Flags

FILTER_FLAG_ALLOW_FRACTION (int)

Accept dot (.) character, which usually represents the separator between the integer and fractional parts.

FILTER_FLAG_ALLOW_THOUSAND (int)

Accept commas (,) character, which usually represents the thousand separator.

FILTER_FLAG_ALLOW_SCIENTIFIC (int)

Accept numbers in scientific notation by allowing the e and E characters.

FILTER_SANITIZE_ADD_SLASHES (int)

Apply addslashes() to the input. Available as of PHP 7.3.0.

FILTER_SANITIZE_MAGIC_QUOTES (int)

Alias of FILTER_SANITIZE_ADD_SLASHES. (DEPRECATED as of PHP 7.3.0 and REMOVED as of PHP 8.0.0)

User Defined Filter

FILTER_CALLBACK (int)

ID of "callback" filter.