Types of filters
Notably missing is a way to validate text entry as printable,
printable multiline,
or printable and safe (tag free)
FILTER_VALIDATE_TEXT, which validates no special characters
perhaps with FILTER_FLAG_ALLOW_NEWLINE
and FILTER_FLAG_NOTAG to disallow tag starters
Validate filters
| ID | Name | Options | Flags | Description |
|---|---|---|---|---|
| FILTER_VALIDATE_BOOLEAN | "boolean" | FILTER_NULL_ON_FAILURE |
Returns TRUE for "1", "true", "on" and "yes". Returns FALSE otherwise. If FILTER_NULL_ON_FAILURE is set, FALSE is returned only for "0", "false", "off", "no", and "", and NULL is returned for all non-boolean values. |
|
| FILTER_VALIDATE_EMAIL | "validate_email" | Validates value as e-mail. | ||
| FILTER_VALIDATE_FLOAT | "float" | decimal | FILTER_FLAG_ALLOW_THOUSAND | Validates value as float. |
| FILTER_VALIDATE_INT | "int" | min_range, max_range | FILTER_FLAG_ALLOW_OCTAL, FILTER_FLAG_ALLOW_HEX | Validates value as integer, optionally from the specified range. |
| FILTER_VALIDATE_IP | "validate_ip" | FILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE | Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges. | |
| FILTER_VALIDATE_REGEXP | "validate_regexp" | regexp | Validates value against regexp, a Perl-compatible regular expression. | |
| FILTER_VALIDATE_URL | "validate_url" | FILTER_FLAG_PATH_REQUIRED, FILTER_FLAG_QUERY_REQUIRED | Validates value as URL (according to » http://www.faqs.org/rfcs/rfc2396), optionally with required components. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail. |
Note:
Numbers +0 and -0 are not valid integers but validate as floats.
add a note
User Contributed Notes
Validate filters - [13 notes]
bee kay two at em ee dot com ¶
1 year ago
rowan dot collins at gmail dot com ¶
2 months ago
Regarding "partial" addresses with no . in the domain part, a comment in the source code (in ext/filter/logical_filters.c) justifies this rejection thus:
* The regex below is based on a regex by Michael Rushton.
* However, it is not identical. I changed it to only consider routeable
* addresses as valid. Michael's regex considers a@b a valid address
* which conflicts with section 2.3.5 of RFC 5321 which states that:
*
* Only resolvable, fully-qualified domain names (FQDNs) are permitted
* when domain names are used in SMTP. In other words, names that can
* be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
* in Section 5) are permitted, as are CNAME RRs whose targets can be
* resolved, in turn, to MX or address RRs. Local nicknames or
* unqualified names MUST NOT be used.
chastell at chastell dot net ¶
2 years ago
example@example is a perfectly valid email address – I use chastell@localhost and chastell@devielle (my computer’s name) email addresses all the time and they get delivered just fine.
Clifton ¶
2 years ago
FILTER_VALIDATE_EMAIL does NOT allow incomplete e-mail addresses to be validated as mentioned by Tomas.
Using the following code:
<?php
$email = "clifton@example"; //Note the .com missing
echo "PHP Version: ".phpversion().'<br>';
if(filter_var($email, FILTER_VALIDATE_EMAIL)){
echo $email.'<br>';
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}else{
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}
?>
Returns:
PHP Version: 5.2.14 //On MY server, may be different depending on which version you have installed.
bool(false)
While the following code:
<?php
$email = "clifton@example.com"; //Note the .com added
echo "PHP Version: ".phpversion().'<br>';
if(filter_var($email, FILTER_VALIDATE_EMAIL)){
echo $email.'<br>';
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}else{
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}
?>
Returns:
PHP Version: 5.2.14 //On MY server, may be different depending on which version you have installed.
clifton@example.com
string(16) "clifton@example.com"
This feature is only available for PHP Versions (PHP 5 >= 5.2.0) according to documentation. So make sure your version is correct.
Cheers,
Clifton
boy at relaxnow dot nl ¶
7 months ago
FILTER_VALIDATE_URL does not work with URNs, examples of valid URIs according to RFC3986 and if they are accepted by FILTER_VALIDATE_URL:
[PASS] ftp://ftp.is.co.za.example.org/rfc/rfc1808.txt
[PASS] gopher://spinaltap.micro.umn.example.edu/00/Weather/California/Los%20Angeles
[PASS] http://www.math.uio.no.example.net/faq/compression-faq/part1.html
[PASS] mailto:mduerst@ifi.unizh.example.gov
[PASS] news:comp.infosystems.www.servers.unix
[PASS] telnet://melvyl.ucop.example.edu/
[PASS] http://www.ietf.org/rfc/rfc2396.txt
[PASS] ldap://[2001:db8::7]/c=GB?objectClass?one
[PASS] mailto:John.Doe@example.com
[PASS] news:comp.infosystems.www.servers.unix
[FAIL] tel:+1-816-555-1212
[PASS] telnet://192.0.2.16:80/
[FAIL] urn:oasis:names:specification:docbook:dtd:xml:4.1.2
Tom ¶
1 year ago
Be aware!
In contrary to what the docs say (at least in PHP 5.3.1), this line:
$value = filter_var(FALSE, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
Will return NULL - not false. In other words: a boolean FALSE is not considered a valid boolean value by this function.
Also:
$value = filter_var("", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
Will also return NULL - no matter what the docs say. So (string) FALSE is not considered a valid boolean input either.
Thus be aware the that correct usage/workaround for this filter is:
if (!is_bool($value)) {
$value= filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}
For those of you who feel this is counterintuitive, note that there is an issue filed for this in the bug-tracker.
So you might want to follow the discussion there or vote for issue #49510.
Griff ¶
1 year ago
<< FILTER_VALIDATE_EMAIL allows incomplete e-mail addresses to be validated, for examle john@gmail will validate as a proper e-mail address >>
"Plain" hostnames with no dots are valid in email addresses -
for example, "me@localhost".
php dot net at piskvor dot org ¶
2 years ago
FILTER_VALIDATE_EMAIL is discarding valid e-mail addresses containing IDN. Since there are real, live IDNs on the Internet, that means the filtered output is too strict, leading to false negatives.
Punycode-encoded IDN addresses pass the filter correctly; so before checking for validity, it is necessary to convert the e-mail address to punycode.
pravila at alumni dot calpoly dot edu ¶
3 years ago
Take caution when using the FILTER_VALIDATE_BOOLEAN filter as it seems to have different behaviors when used in the filter_var() vs. the filter_input() functions.
To demonstrate, let's parse some arguments from a GET request (notice how arg2 is NOT set):
example.com/script.php?arg1=yes&arg3=no
<?php
// filtering by variable
$var1 = filter_var($_GET["arg1"], FILTER_VALIDATE_BOOLEAN);
$var2 = filter_var($_GET["arg2"], FILTER_VALIDATE_BOOLEAN);
$var3 = filter_var($_GET["arg3"], FILTER_VALIDATE_BOOLEAN);
// filtering by input
$input1 = filter_input(INPUT_GET, "arg1", FILTER_VALIDATE_BOOLEAN);
$input2 = filter_input(INPUT_GET, "arg2", FILTER_VALIDATE_BOOLEAN);
$input3 = filter_input(INPUT_GET, "arg3", FILTER_VALIDATE_BOOLEAN);
// as expected...
var_dump($var1); // bool(true)
var_dump($var2); // bool(false)
var_dump($var3); // bool(false)
// NULL is not an expected return...
var_dump($input1); // bool(true)
var_dump($input2); // NULL
var_dump($input3); // bool(false)
?>
As per the documentation, the return is limited to true XOR false unless the FILTER_NULL_ON_FAILURE flag is set, but it seems as if this flag is set automatically with the filter_input() function.
(Note: same behavior for filter_var_array() vs. filter_input_array())
Levi Morrison ¶
1 year ago
It's important to note that in PHP, false==null is true. This means when you are using the FILTER_VALIDATE_BOOLEAN, you must use '===' and '!==' to check to see if something is/isn't null.
<?php
$false = filter_var('0', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
if ($false==null) {
//will execute
}
if ($false===null) {
//will not execute
}
?>
tomas dot chlouba at gmail dot com ¶
2 years ago
FILTER_VALIDATE_EMAIL allows incomplete e-mail addresses to be validated, for examle john@gmail will validate as a proper e-mail address.
eleljrk at gmail dot com ¶
2 years ago
For PHP 5.3.1 FILTER_VALIDATE_EMAIL does validate incomplete email addresses such as: example@example
Otherwise it's really good because FILTER_VALIDATE_EMAIL validates the standards of the local part very well.
This is a valid email address:
"this is a valid email@[]{}and it should be"@example.com
And FILTER_VALIDATE_EMAIL validate it.
But this isn't a valid email address:
"this is a valid email@[]{}and it should be"@example
However, FILTER_VALIDATE_EMAIL does validate it.
php at sethsyberg dot com ¶
2 years ago
When validating floats, you must use the Identical/Not identical operators for proper validation of zeros:
This will not work as expected:
<?php
$x = 0;
if (!filter_var($x, FILTER_VALIDATE_FLOAT)) {
echo "$x is a valid float";
} else {
echo "$x is NOT a valid float";
}
?>
This will work as expected:
<?php
$x = 0;
if (filter_var($x, FILTER_VALIDATE_FLOAT)!== false) {
echo "$x is a valid float";
} else {
echo "$x is NOT a valid float";
}
?>