(PHP 5 >= 5.2.0)
filter_var — Filtern einer Variablen durch einen spezifischen Filter
Wert der gefiltert werden soll. Arrays werden rekursiv gefiltert.
ID des zu benutztenden Filters. Standard ist FILTER_SANITIZE_STRING.
Assoziatives Array mit Optionen oder bitweise Disjunktion von Flags. Wenn der Filter Optionen akzeptiert, können Flags auch im "flags" Feld des Arrays angegeben werden. Für "callback" Filter sollte der callback-Typ angegeben werden.
Gibt die gefilterten Daten zurück oder FALSE wenn fehlgeschlagen.
Beispiel #1 filter_var()-Beispiel
<?php
var_dump(filter_var('bob@example.com', FILTER_VALIDATE_EMAIL));
var_dump(filter_var('example.com', FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED));
?>
Das oben gezeigte Beispiel erzeugt folgende Ausgabe:
string(15) "bob@example.com" bool(false)
Please note that filter flag FILTER_FLAG_SCHEME_REQUIRED from Example #1 is false!
The flag is not defined on and cannot be used.
Both examples below return false:
<?php
var_dump(filter_var('example.com', FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED));
var_dump(filter_var('example.com', FILTER_VALIDATE_URL));
?>
The source of filters shows that:
- It always returns false when the scheme is NULL.
- FILTER_FLAG_SCHEME_REQUIRED is not used there.
So be aware that example.com will never be validated.
This function will return FALSE on failure but be careful validating boolean values:
Validation failed:
<?php filter_var('abc', FILTER_VALIDATE_BOOLEAN); // bool(false) ?>
Validation correct:
<?php filter_var('0', FILTER_VALIDATE_BOOLEAN); // bool(false) ?>
Note that FILTER_VALIDATE_EMAIL used in isolation is not enough for most (if not all) web based registration forms.
It will happily pronounce "yourname" as valid because presumably the "@localhost" is implied, so you still have to check that the domain portion of the address exists.
It would be nice if there was a FILTER_VALIDATE_EMAIL_NON_LOCAL or similar, available by default.
Notice that filter_var with FILTER_VALIDATE_EMAIL does not work if you are trying to get a String from an XML document e.g. via xpath.
I often use XML files as configuration files and use a function that returns a string from the config file via xpath. While this worked fine before 5.2.11, it doesn't anymore (and shouldn't, since it's an XML Element, not a String).
To overcome this problem, $variable can be type-casted:
<?php
$variable = fancyXmlGetFunction('from');
filter_var((String) $variable, FILTER_VALIDATE_EMAIL);
?>
If PHP >= 5.2 is not present, you can use the regular expression of the original PHP-c-file:
http://svn.php.net/viewvc/php/php-src/trunk/ext/filter/logical_filters.c
Instead of:
<?php filter_var('bob@example.com', FILTER_VALIDATE_EMAIL)); ?>
Just use preg_match(); with a copy of the original regular expression (found in the void "php_filter_validate_email") in logical_filters.c
in fact, this expression (and the original filter-funktion) ignores RFC 5321 (Section 4.5.3.1. Size Limits and Minimums).
How to pass options and flags-
<?php
$options = array();
$options['options']['min_range'] = 1;
$options['options']['max_range'] = 10;
$options['flags'] = FILTER_FLAG_ALLOW_OCTAL;
filter_var(3, FILTER_VALIDATE_INT, $options);
?>
Just a little filter to validate IP v4 & v6
This little script display result in function of the query
<?php
$ipv6="2a01:e35:aaa4:6860:a5e7:5ba9:965e:cc93";
$ipv4="82.237.3.3";
$fake = "3342423423";
$ipv4priv = "255.255.255.255";
$ipv6priv = "::1";
echo "<pre>";
echo $ipv4;
echo "<br />";
var_dump(filter_var($ipv4,FILTER_VALIDATE_IP));
echo "<br />";
echo $ipv6;
echo "<br />";
var_dump(filter_var($ipv6,FILTER_VALIDATE_IP));
echo "<br />";
echo $fake;
echo "<br />";
var_dump(filter_var($fake,FILTER_VALIDATE_IP));
echo "<br />";
echo $ipv4priv;
echo "<br/>";
echo "FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE";
echo "<br />";
var_dump(filter_var($ipv4priv,FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE));
echo "<br />";
echo $ipv4priv;
echo "<br/>";
echo "FILTER_FLAG_NO_PRIV_RANGE";
echo "<br />";
var_dump(filter_var($ipv4priv,FILTER_FLAG_NO_PRIV_RANGE));
echo "<br />";
echo $ipv6priv;
echo "<br/>";
echo "FILTER_FLAG_NO_PRIV_RANGE";
echo "<br />";
var_dump(filter_var($ipv6priv,FILTER_FLAG_NO_PRIV_RANGE));
echo "<br />";
echo $ipv6priv;
echo "<br />";
var_dump(filter_var($ipv6priv,FILTER_VALIDATE_IP));
echo "</pre>";
?>
Here's an actual example of the filter syntax with a flag since there doesn't appear to be a one liner for this anywhere:
'hours' => array('filter'=>FILTER_SANITIZE_NUMBER_FLOAT, 'flags' => FILTER_FLAG_ALLOW_FRACTION, 'options'=> '.')
Note that when using FILTER_VALIDATE_INT along with the FILTER_FLAG_ALLOW_HEX flag, the string "2f", for example, is not validated successfully, because you must use the "0x" prefix, otherwise, it treats the data as base 10.
The range options are also smart enough to recognize when the boundaries are exceeded in different bases.
Here's an example:
<?php
$foo = '256';
$bar = '0x100';
var_dump(validate_int($foo)); // false, too large
var_dump(validate_int($bar)); // false, too large
function validate_int($input)
{
return filter_var(
$input,
FILTER_VALIDATE_INT,
// We must pass an associative array
// to include the range check options.
array(
'flags' => FILTER_FLAG_ALLOW_HEX,
'options' => array('min_range' => 1, 'max_range' => 0xff)
)
);
}
?>
Here are the other possible flags that you can use:
http://us3.php.net/manual/hu/ref.filter.php
Here is how to use multiple flags (for those who learn better by example, like me):
<?php
echo "|asdf".chr(9).chr(128)."_123|";
echo "\n";
// "bitwise conjunction" means logic OR / bitwise |
echo filter_var("|asdf".chr(9).chr(128)."_123\n|" ,FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
/*
Results:
|asdf �_123|
|asdf_123|
*/
?>
Using the FILTER_CALLBACK requires an array to be passed as the options:
<?php
function toDash($x){
return str_replace("_","-",$x);
}
echo filter_var("asdf_123",FILTER_CALLBACK,array("options"=>"toDash"));
// returns 'asdf-123'
?>
I managed to get this to work with PHP 5.1.6 on CentOS 5 with minor difficulty.
1) Download the PECL filter package
2) Extract the tarball
3) phpize the directory
4) ./configure
5) make
6) filter-0.11.0/logical_filters.c:25:31: error: ext/pcre/php_pcre.h: No such file or directory
7) find / -name php_pcre.h
8) Make sure php-devel is installed
9) Edit filter-0.11.0/logical_filters.c and replace "ext/pcre/php_pcre.h" with the absolute path of php_pcre.h
10) make
11) make install
12) add "extension=filter.so" to php.ini
13) Restart Apache