<?xml version="1.0" encoding="utf-8"?> <!-- $Revision$ --> <chapter xml:id="filter.filters" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink"> <title>Types of filters</title> <!--Validate filters: {{{--> <section xml:id="filter.filters.validate"> <title>Validate filters</title> <para> <table> <title>Listing of filters for validation</title> <tgroup cols="5"> <thead> <row> <entry>ID</entry> <entry>Name</entry> <entry>Options</entry> <entry>Flags</entry> <entry>Description</entry> </row> </thead> <tbody> <row> <entry><constant>FILTER_VALIDATE_BOOLEAN</constant></entry> <entry>"boolean"</entry> <entry></entry> <entry> <constant>FILTER_NULL_ON_FAILURE</constant> </entry> <entry> <para> Returns &true; for "1", "true", "on" and "yes". Returns &false; otherwise. </para> <para> If <constant>FILTER_NULL_ON_FAILURE</constant> is set, &false; is returned only for "0", "false", "off", "no", and "", and &null; is returned for all non-boolean values. </para> </entry> </row> <row> <entry><constant>FILTER_VALIDATE_EMAIL</constant></entry> <entry>"validate_email"</entry> <entry></entry> <entry></entry> <entry>Validates value as e-mail.</entry> </row> <row> <entry><constant>FILTER_VALIDATE_FLOAT</constant></entry> <entry>"float"</entry> <entry> <parameter>decimal</parameter> </entry> <entry> <constant>FILTER_FLAG_ALLOW_THOUSAND</constant> </entry> <entry>Validates value as float.</entry> </row> <row> <entry><constant>FILTER_VALIDATE_INT</constant></entry> <entry>"int"</entry> <entry> <parameter>min_range</parameter>, <parameter>max_range</parameter> </entry> <entry> <constant>FILTER_FLAG_ALLOW_OCTAL</constant>, <constant>FILTER_FLAG_ALLOW_HEX</constant> </entry> <entry>Validates value as integer, optionally from the specified range.</entry> </row> <row> <entry><constant>FILTER_VALIDATE_IP</constant></entry> <entry>"validate_ip"</entry> <entry></entry> <entry> <constant>FILTER_FLAG_IPV4</constant>, <constant>FILTER_FLAG_IPV6</constant>, 
<constant>FILTER_FLAG_NO_PRIV_RANGE</constant>, <constant>FILTER_FLAG_NO_RES_RANGE</constant> </entry> <entry> Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges. </entry> </row> <row> <entry><constant>FILTER_VALIDATE_REGEXP</constant></entry> <entry>"validate_regexp"</entry> <entry> <parameter>regexp</parameter> </entry> <entry></entry> <entry> Validates value against <parameter>regexp</parameter>, a <link linkend="book.pcre">Perl-compatible</link> regular expression. </entry> </row> <row> <entry><constant>FILTER_VALIDATE_URL</constant></entry> <entry>"validate_url"</entry> <entry></entry> <entry> <constant>FILTER_FLAG_PATH_REQUIRED</constant>, <constant>FILTER_FLAG_QUERY_REQUIRED</constant> </entry> <entry>Validates value as URL (according to <link xlink:href="&url.rfc;2396">&url.rfc;2396</link>), optionally with required components. Beware that a valid URL may use a scheme other than <parameter>http://</parameter>, e.g. <parameter>ssh://</parameter> or <parameter>mailto:</parameter>, so further validation may be required to determine that the URL uses an expected protocol. Note that only ASCII URLs are considered valid; internationalized domain names (containing non-ASCII characters) will fail.</entry> </row> </tbody> </tgroup> </table> </para> <note> <para> Numbers +0 and -0 are not valid integers but validate as floats. </para> </note> </section> <!--}}}--> <!-- Sanitize filters: {{{--> <section xml:id="filter.filters.sanitize"> <title>Sanitize filters</title> <para> <table> <title>List of filters for sanitization</title> <tgroup cols="5"> <thead> <row> <entry>ID</entry> <entry>Name</entry> <entry>Options</entry> <entry>Flags</entry> <entry>Description</entry> </row> </thead> <tbody> <row> <entry><constant>FILTER_SANITIZE_EMAIL</constant></entry> <entry>"email"</entry> <entry></entry> <entry></entry> <entry> Remove all characters except letters, digits and <literal>!#$%&amp;'*+-/=?^_`{|}~@.[]</literal>. 
</entry> </row> <row> <entry><constant>FILTER_SANITIZE_ENCODED</constant></entry> <entry>"encoded"</entry> <entry></entry> <entry> <constant>FILTER_FLAG_STRIP_LOW</constant>, <constant>FILTER_FLAG_STRIP_HIGH</constant>, <constant>FILTER_FLAG_ENCODE_LOW</constant>, <constant>FILTER_FLAG_ENCODE_HIGH</constant> </entry> <entry>URL-encode string, optionally strip or encode special characters.</entry> </row> <row> <entry><constant>FILTER_SANITIZE_MAGIC_QUOTES</constant></entry> <entry>"magic_quotes"</entry> <entry></entry> <entry></entry> <entry>Apply <function>addslashes</function>.</entry> </row> <row> <entry><constant>FILTER_SANITIZE_NUMBER_FLOAT</constant></entry> <entry>"number_float"</entry> <entry></entry> <entry> <constant>FILTER_FLAG_ALLOW_FRACTION</constant>, <constant>FILTER_FLAG_ALLOW_THOUSAND</constant>, <constant>FILTER_FLAG_ALLOW_SCIENTIFIC</constant> </entry> <entry> Remove all characters except digits, <literal>+-</literal> and optionally <literal>.,eE</literal>. </entry> </row> <row> <entry><constant>FILTER_SANITIZE_NUMBER_INT</constant></entry> <entry>"number_int"</entry> <entry></entry> <entry></entry> <entry> Remove all characters except digits, plus and minus sign. </entry> </row> <row> <entry><constant>FILTER_SANITIZE_SPECIAL_CHARS</constant></entry> <entry>"special_chars"</entry> <entry></entry> <entry> <constant>FILTER_FLAG_STRIP_LOW</constant>, <constant>FILTER_FLAG_STRIP_HIGH</constant>, <constant>FILTER_FLAG_ENCODE_HIGH</constant> </entry> <entry> HTML-escape <literal>'"&lt;&gt;&amp;</literal> and characters with ASCII value less than 32, optionally strip or encode other special characters. </entry> </row> <row> <entry><constant>FILTER_SANITIZE_FULL_SPECIAL_CHARS</constant></entry> <entry>"full_special_chars"</entry> <entry></entry> <entry> <constant>FILTER_FLAG_NO_ENCODE_QUOTES</constant> </entry> <entry> Equivalent to calling <function>htmlspecialchars</function> with <constant>ENT_QUOTES</constant> set. 
Encoding quotes can be disabled by setting <constant>FILTER_FLAG_NO_ENCODE_QUOTES</constant>. Like <function>htmlspecialchars</function>, this filter is aware of the <link linkend="ini.default-charset">default_charset</link>: if a sequence of bytes is detected that makes up an invalid character in the current character set, the entire string is rejected, resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0. </entry> </row> <row> <entry><constant>FILTER_SANITIZE_STRING</constant></entry> <entry>"string"</entry> <entry></entry> <entry> <constant>FILTER_FLAG_NO_ENCODE_QUOTES</constant>, <constant>FILTER_FLAG_STRIP_LOW</constant>, <constant>FILTER_FLAG_STRIP_HIGH</constant>, <constant>FILTER_FLAG_ENCODE_LOW</constant>, <constant>FILTER_FLAG_ENCODE_HIGH</constant>, <constant>FILTER_FLAG_ENCODE_AMP</constant> </entry> <entry>Strip tags, optionally strip or encode special characters.</entry> </row> <row> <entry><constant>FILTER_SANITIZE_STRIPPED</constant></entry> <entry>"stripped"</entry> <entry></entry> <entry></entry> <entry>Alias of "string" filter.</entry> </row> <row> <entry><constant>FILTER_SANITIZE_URL</constant></entry> <entry>"url"</entry> <entry></entry> <entry></entry> <entry> Remove all characters except letters, digits and <literal>$-_.+!*'(),{}|\\^~[]`&lt;&gt;#%";/?:@&amp;=</literal>. 
</entry> </row> <row> <entry><constant>FILTER_UNSAFE_RAW</constant></entry> <entry>"unsafe_raw"</entry> <entry></entry> <entry> <constant>FILTER_FLAG_STRIP_LOW</constant>, <constant>FILTER_FLAG_STRIP_HIGH</constant>, <constant>FILTER_FLAG_ENCODE_LOW</constant>, <constant>FILTER_FLAG_ENCODE_HIGH</constant>, <constant>FILTER_FLAG_ENCODE_AMP</constant> </entry> <entry>Do nothing, optionally strip or encode special characters.</entry> </row> </tbody> </tgroup> </table> </para> <warning> <para> When using one of these filters as a default filter, either through your ini file or through your web server's configuration, the default flags are set to <constant>FILTER_FLAG_NO_ENCODE_QUOTES</constant>. You need to explicitly set filter.default_flags to 0 to have quotes encoded by default. For example: <example> <title>Configuring the default filter to act like htmlspecialchars</title> <programlisting role="php">
<![CDATA[
filter.default = full_special_chars
filter.default_flags = 0
]]>
</programlisting> </example> </para> </warning> </section> <!--}}}--> <!-- Other filters: {{{--> <section xml:id="filter.filters.misc"> <title>Other filters</title> <para> <table> <title>List of miscellaneous filters</title> <tgroup cols="5"> <thead> <row> <entry>ID</entry> <entry>Name</entry> <entry>Options</entry> <entry>Flags</entry> <entry>Description</entry> </row> </thead> <tbody> <row> <entry><constant>FILTER_CALLBACK</constant></entry> <entry>"callback"</entry> <entry><type>callable</type> function or method</entry> <entry></entry> <entry>Call user-defined function to filter data.</entry> </row> </tbody> </tgroup> </table> </para> </section> <!--}}}--> <!-- Filter flags: {{{--> <section xml:id="filter.filters.flags"> <title>Filter flags</title> <para> <table> <title>List of filter flags</title> <tgroup cols="3"> <thead> <row> <entry>ID</entry> <entry>Used with</entry> <entry>Description</entry> </row> </thead> <tbody> <row> <entry><constant>FILTER_FLAG_STRIP_LOW</constant></entry> <entry> 
<constant>FILTER_SANITIZE_ENCODED</constant>, <constant>FILTER_SANITIZE_SPECIAL_CHARS</constant>, <constant>FILTER_SANITIZE_STRING</constant>, <constant>FILTER_UNSAFE_RAW</constant> </entry> <entry> Strips characters that have a numerical value &lt;32. </entry> </row> <row> <entry><constant>FILTER_FLAG_STRIP_HIGH</constant></entry> <entry> <constant>FILTER_SANITIZE_ENCODED</constant>, <constant>FILTER_SANITIZE_SPECIAL_CHARS</constant>, <constant>FILTER_SANITIZE_STRING</constant>, <constant>FILTER_UNSAFE_RAW</constant> </entry> <entry> Strips characters that have a numerical value &gt;127. </entry> </row> <row> <entry><constant>FILTER_FLAG_ALLOW_FRACTION</constant></entry> <entry> <constant>FILTER_SANITIZE_NUMBER_FLOAT</constant> </entry> <entry> Allows a period (<literal>.</literal>) as a fractional separator in numbers. </entry> </row> <row> <entry><constant>FILTER_FLAG_ALLOW_THOUSAND</constant></entry> <entry> <constant>FILTER_SANITIZE_NUMBER_FLOAT</constant>, <constant>FILTER_VALIDATE_FLOAT</constant> </entry> <entry> Allows a comma (<literal>,</literal>) as a thousands separator in numbers. </entry> </row> <row> <entry><constant>FILTER_FLAG_ALLOW_SCIENTIFIC</constant></entry> <entry> <constant>FILTER_SANITIZE_NUMBER_FLOAT</constant> </entry> <entry> Allows an <literal>e</literal> or <literal>E</literal> for scientific notation in numbers. </entry> </row> <row> <entry><constant>FILTER_FLAG_NO_ENCODE_QUOTES</constant></entry> <entry> <constant>FILTER_SANITIZE_STRING</constant> </entry> <entry> If this flag is present, single (<literal>'</literal>) and double (<literal>"</literal>) quotes will not be encoded. </entry> </row> <row> <entry><constant>FILTER_FLAG_ENCODE_LOW</constant></entry> <entry> <constant>FILTER_SANITIZE_ENCODED</constant>, <constant>FILTER_SANITIZE_STRING</constant>, <constant>FILTER_UNSAFE_RAW</constant> </entry> <entry> Encodes all characters with a numerical value &lt;32. 
</entry> </row> <row> <entry><constant>FILTER_FLAG_ENCODE_HIGH</constant></entry> <entry> <constant>FILTER_SANITIZE_ENCODED</constant>, <constant>FILTER_SANITIZE_SPECIAL_CHARS</constant>, <constant>FILTER_SANITIZE_STRING</constant>, <constant>FILTER_UNSAFE_RAW</constant> </entry> <entry> Encodes all characters with a numerical value &gt;127. </entry> </row> <row> <entry><constant>FILTER_FLAG_ENCODE_AMP</constant></entry> <entry> <constant>FILTER_SANITIZE_STRING</constant>, <constant>FILTER_UNSAFE_RAW</constant> </entry> <entry> Encodes ampersands (<literal>&amp;</literal>). </entry> </row> <row> <entry><constant>FILTER_NULL_ON_FAILURE</constant></entry> <entry> <constant>FILTER_VALIDATE_BOOLEAN</constant> </entry> <entry> Returns &null; for unrecognized boolean values. </entry> </row> <row> <entry><constant>FILTER_FLAG_ALLOW_OCTAL</constant></entry> <entry> <constant>FILTER_VALIDATE_INT</constant> </entry> <entry> Regards inputs starting with a zero (<literal>0</literal>) as octal numbers. This only allows the succeeding digits to be <literal>0-7</literal>. </entry> </row> <row> <entry><constant>FILTER_FLAG_ALLOW_HEX</constant></entry> <entry> <constant>FILTER_VALIDATE_INT</constant> </entry> <entry> Regards inputs starting with <literal>0x</literal> or <literal>0X</literal> as hexadecimal numbers. This only allows succeeding characters to be <literal>a-fA-F0-9</literal>. </entry> </row> <row> <entry><constant>FILTER_FLAG_IPV4</constant></entry> <entry> <constant>FILTER_VALIDATE_IP</constant> </entry> <entry> Allows the IP address to be in IPv4 format. </entry> </row> <row> <entry><constant>FILTER_FLAG_IPV6</constant></entry> <entry> <constant>FILTER_VALIDATE_IP</constant> </entry> <entry> Allows the IP address to be in IPv6 format. 
</entry> </row> <row> <entry><constant>FILTER_FLAG_NO_PRIV_RANGE</constant></entry> <entry> <constant>FILTER_VALIDATE_IP</constant> </entry> <entry> <para> Fails validation for the following private IPv4 ranges: <literal>10.0.0.0/8</literal>, <literal>172.16.0.0/12</literal> and <literal>192.168.0.0/16</literal>. </para> <para> Fails validation for the IPv6 addresses starting with <literal>FD</literal> or <literal>FC</literal>. </para> </entry> </row> <row> <entry><constant>FILTER_FLAG_NO_RES_RANGE</constant></entry> <entry> <constant>FILTER_VALIDATE_IP</constant> </entry> <entry> Fails validation for the following reserved IPv4 ranges: <literal>0.0.0.0/8</literal>, <literal>169.254.0.0/16</literal>, <literal>192.0.2.0/24</literal> and <literal>224.0.0.0/4</literal>. This flag does not apply to IPv6 addresses. </entry> </row> <row> <entry><constant>FILTER_FLAG_PATH_REQUIRED</constant></entry> <entry> <constant>FILTER_VALIDATE_URL</constant> </entry> <entry> Requires the <acronym>URL</acronym> to contain a path part. </entry> </row> <row> <entry><constant>FILTER_FLAG_QUERY_REQUIRED</constant></entry> <entry> <constant>FILTER_VALIDATE_URL</constant> </entry> <entry> Requires the <acronym>URL</acronym> to contain a query string. </entry> </row> </tbody> </tgroup> </table> </para> </section> <!--}}}--> </chapter> <!-- Keep this comment at the end of the file Local variables: mode: sgml sgml-omittag:t sgml-shorttag:t sgml-minimize-attributes:nil sgml-always-quote-attributes:t sgml-indent-step:1 sgml-indent-data:t indent-tabs-mode:nil sgml-parent-document:nil sgml-default-dtd-file:"~/.phpdoc/manual.ced" sgml-exposed-tags:nil sgml-local-catalogs:nil sgml-local-ecat-files:nil End: vim600: syn=xml fen fdm=marker fdl=2 si vim: et tw=78 syn=sgml vi: ts=1 sw=1 -->