| ID | Name | Options | Flags | Description |
|---|---|---|---|---|
FILTER_SANITIZE_EMAIL |
"email" | Remove all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[]. | ||
FILTER_SANITIZE_ENCODED |
"encoded" |
FILTER_FLAG_STRIP_LOW,
FILTER_FLAG_STRIP_HIGH,
FILTER_FLAG_ENCODE_LOW,
FILTER_FLAG_ENCODE_HIGH
|
URL-encode string, optionally strip or encode special characters. | |
FILTER_SANITIZE_MAGIC_QUOTES |
"magic_quotes" | Apply addslashes(). | ||
FILTER_SANITIZE_NUMBER_FLOAT |
"number_float" |
FILTER_FLAG_ALLOW_FRACTION,
FILTER_FLAG_ALLOW_THOUSAND,
FILTER_FLAG_ALLOW_SCIENTIFIC
|
Remove all characters except digits, +- and optionally .,eE. | |
FILTER_SANITIZE_NUMBER_INT |
"number_int" | Remove all characters except digits, plus and minus sign. | ||
FILTER_SANITIZE_SPECIAL_CHARS |
"special_chars" |
FILTER_FLAG_STRIP_LOW,
FILTER_FLAG_STRIP_HIGH,
FILTER_FLAG_ENCODE_HIGH
|
HTML-escape '"<>& and characters with ASCII value less than 32, optionally strip or encode other special characters. | |
FILTER_SANITIZE_FULL_SPECIAL_CHARS |
"full_special_chars" |
FILTER_FLAG_NO_ENCODE_QUOTES,
|
Equivalent to calling htmlspecialchars() with ENT_QUOTES set. Encoding quotes can
be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars(), this
filter is aware of the default_charset and if a sequence of bytes is detected that
makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string.
When using this filter as a default filter, see the warning below about setting the default flags to 0.
|
|
FILTER_SANITIZE_STRING |
"string" |
FILTER_FLAG_NO_ENCODE_QUOTES,
FILTER_FLAG_STRIP_LOW,
FILTER_FLAG_STRIP_HIGH,
FILTER_FLAG_ENCODE_LOW,
FILTER_FLAG_ENCODE_HIGH,
FILTER_FLAG_ENCODE_AMP
|
Strip tags, optionally strip or encode special characters. | |
FILTER_SANITIZE_STRIPPED |
"stripped" | Alias of "string" filter. | ||
FILTER_SANITIZE_URL |
"url" | Remove all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=. | ||
FILTER_UNSAFE_RAW |
"unsafe_raw" |
FILTER_FLAG_STRIP_LOW,
FILTER_FLAG_STRIP_HIGH,
FILTER_FLAG_ENCODE_LOW,
FILTER_FLAG_ENCODE_HIGH,
FILTER_FLAG_ENCODE_AMP
|
Do nothing, optionally strip or encode special characters. |
When using one of these filters as a default filter either through your ini file
or through your web server's configuration, the default flags is set to
FILTER_FLAG_NO_ENCODE_QUOTES. You need to explicitly set
filter.default_flags to 0 to have quotes encoded by default. Like this:
Example #1 Configuring the default filter to act like htmlspecialchars
filter.default = full_special_chars
filter.default_flags = 0