PHP 5 Filter Functions

PHP Filter Introduction

The PHP filter functions are used to validate and filter data coming from insecure sources, like user input.


As of PHP 5.2.0, the filter functions are enabled by default. There is no installation needed to use these functions.

Runtime Configurations

The behavior of these functions is affected by settings in php.ini:

| Name | Description | Default | Changeable |
| filter.default | Filter all $_GET, $_POST, $_COOKIE, $_REQUEST and $_SERVER data by this filter. Accepts the name of the filter you would like to use by default. See the filter list for the filter names | "unsafe_raw" | PHP_INI_PERDIR |
| filter.default_flags | Default flags to apply when the default filter is set. This is set to FILTER_FLAG_NO_ENCODE_QUOTES by default for backwards compatibility reasons | NULL | PHP_INI_PERDIR |

PHP 5 Filter Functions

Function                Description
filter_has_var()        Checks if a variable of a specified input type exists
filter_id()             Returns the ID number of a specified filter
filter_input()          Gets input from outside the script and filters it
filter_input_array()    Gets multiple inputs from outside the script and filters them
filter_list()           Returns an array of all supported filters
filter_var_array()      Gets multiple variables and filters them
filter_var()            Gets a variable and filters it

PHP Filter List

Validate Filters:

ID Name                          Description
FILTER_VALIDATE_BOOLEAN          Return TRUE for "1", "true", "on" and "yes", FALSE for "0", "false", "off", "no", and "", NULL otherwise
FILTER_VALIDATE_EMAIL            Validate value as e-mail
FILTER_VALIDATE_FLOAT            Validate value as float
FILTER_VALIDATE_INT              Validate value as integer, optionally from the specified range
FILTER_VALIDATE_IP               Validate value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges
FILTER_VALIDATE_REGEXP           Validate value against regexp, a Perl-compatible regular expression
FILTER_VALIDATE_URL              Validate value as URL, optionally with required components

Sanitize Filters:

ID Name                          Description
FILTER_SANITIZE_EMAIL            Remove all characters, except letters, digits and !#$%&'*+-/=?^_`{|}~@.[]
FILTER_SANITIZE_ENCODED          URL-encode string, optionally strip or encode special characters
FILTER_SANITIZE_NUMBER_FLOAT     Remove all characters, except digits, +- and optionally .,eE
FILTER_SANITIZE_NUMBER_INT       Remove all characters, except digits and +-
FILTER_SANITIZE_SPECIAL_CHARS    HTML-escape '"<>& and characters with ASCII value less than 32
FILTER_SANITIZE_STRING           Strip tags, optionally strip or encode special characters
FILTER_SANITIZE_STRIPPED         Alias of "string" filter
FILTER_SANITIZE_URL              Remove all characters, except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=
FILTER_UNSAFE_RAW                Do nothing, optionally strip or encode special characters

Other Filters:

ID Name                          Description
FILTER_CALLBACK                  Call a user-defined function to filter data
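
The following is an added example, not code from the original page, showing how validate filters reject input while sanitize filters rewrite it, and why results must be compared with `===`. The `$input` array and its field names are constructed sample data; the `FILTER_FLAG_*` constants and the `min_range`/`max_range` options are real PHP names that the tables above do not list.

```php
<?php
// Constructed sample input standing in for $_POST (hypothetical field names).
$input = [
    'age'     => '27abc',
    'retries' => '0',
    'email'   => 'alice@example.com',
    'client'  => '192.168.1.10',
    'comment' => '<script>alert(1)</script> hi',
    'role'    => 'Admin',
];

// One definition per field. Validate filters return false on failure;
// sanitize filters always return a (possibly rewritten) string.
$spec = [
    'age' => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 18, 'max_range' => 120],
    ],
    'retries' => FILTER_VALIDATE_INT,
    'email'   => FILTER_VALIDATE_EMAIL,
    'client'  => [
        'filter' => FILTER_VALIDATE_IP,
        'flags'  => FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE,
    ],
    'comment' => FILTER_SANITIZE_SPECIAL_CHARS,
    'role'    => [
        'filter'  => FILTER_CALLBACK,
        // Allow-list check: anything outside the list is rejected.
        'options' => function ($v) {
            $v = strtolower($v);
            return in_array($v, ['user', 'admin'], true) ? $v : false;
        },
    ],
    'token'   => FILTER_VALIDATE_INT, // not present in $input
];

$clean = filter_var_array($input, $spec);

foreach ($clean as $field => $value) {
    if ($value === null) {            // key absent from the input
        echo "$field: not supplied\n";
    } elseif ($value === false) {     // strict check: a valid int 0 is not a failure
        echo "$field: rejected\n";
    } else {
        echo "$field: accepted as " . var_export($value, true) . "\n";
    }
}

// Same input through a sanitize filter: the letters are dropped, nothing is rejected.
echo 'sanitized age: ' . filter_var('27abc', FILTER_SANITIZE_NUMBER_INT) . "\n";
```

A loose check such as `if (!$clean['retries'])` would treat the valid value 0 as a failure, and a sanitized value such as the age above still needs a range check before use.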

