filter_input_array
Note that this function doesn't (or at least doesn't seem to) actually filter based on the current values of $_GET etc. Instead, it seems to filter based off the original values.
<?php
$_GET['search'] = 'foo'; // This has no effect on the filter_input
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);
echo "You have searched for $search_html.\n";
echo "<a href='?search=$search_url'>Search again.</a>";
?>
If you need to set a default input value and filter that, use filter_var on your required input variable instead
filter_input
(PHP 5 >= 5.2.0)
filter_input — Obtem a específica variável externa pelo nome e opcionalmente a filtra
Descrição
Parâmetros
-
type -
Um dos
INPUT_GET,INPUT_POST,INPUT_COOKIE,INPUT_SERVER,INPUT_ENV,INPUT_SESSION(não implementado ainda) eINPUT_REQUEST(não implementado ainda). -
variable_name -
Nome da variável a ser obtida.
-
filter -
Filtro a ser aplicado. O padrão é
FILTER_DEFAULT. -
options -
Array associativo de opções ou disjunção com operação binário dos flags. Se o filtro aceita opções, flags podem ser providas no campo "flags" da array.
Valor Retornado
Valor da requisitada variável em caso de sucesso, FALSE se o filtro falhar,
ou NULL se o parâmetro variable_name é um variável não definida.
Se a flag FILTER_NULL_ON_FAILURE é usada, ela
retorna FALSE se a variável não é definida e NULL se o filtro falhar.
Exemplos
Exemplo #1 Um exemplo da filter_input()
<?php
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);
echo "You have searched for $search_html.\n";
echo "<a href='?search=$search_url'>Search again.</a>";
?>
O exemplo acima irá imprimir algo similar à:
You have searched for Me & son. <a href='?search=Me%20%26%20son'>Search again.</a>
Veja Também
- filter_var() - Filtra a variável com um especificado filtro
- filter_input_array() - Obtem variáveis externas e opcionalmente as filtra
- filter_var_array() - Obtêm múltiplas variáveis e opcionalmente as filtra
add a note
User Contributed Notes
filter_input - [9 notes]
ss23 at ss23 dot geek dot nz ¶
2 years ago
travismowens at gmail dot com ¶
2 years ago
I wouldn't recommend people use this function to store their data in a database. It's best not to encode data when storing it, it's better to store it raw and convert in upon the time of need.
One main reason for this is because if you have a short CHAR(16) field and the text contains encoded characters (quotes, ampersand) you can easily take a 12 character entry which obviously fits, but because of encoding it no longer fits.
Also, while not as common, if you need to use this data in another place, such as a non webpage (perhaps in a desktop app, or to a cell phone SMS or to a pager) the HTML encoded data will appear raw, and now you have to decode the data.
In summary, the best way to architect your system, is to store data as raw, and encode it only the moment you need to. So this means in your PHP upon doing a SQL query, instead of merely doing an echo $row['title'] you need to run htmlentities() on your echos, or better yet, an abstract function.
med dot k1987 at yahoo dot com ¶
2 years ago
Hello,
Does anybody know how to prevent FILTER_SANITIZE_SPECIAL_CHARS from converting the line breaks (\n) into ( ).
I'm developing a simple commenting system for my website and I found that the php filter converts \n to so when using nl2br() there are no line breaks.
help please.
thanks :)
west {:a7} jsausa {:d0t}~ com ¶
5 months ago
It's worth noting that the names for variables in filter input obey the same rules as variable naming in PHP (must start with an underscore or letter). We were allowing users to build custom forms but hashing the names to prevent them from putting arbitrary content into the dom. Turns out the hash function occasionally produced entirely numeric values for the field name... which doesn't work with filter_input but worked fine if you read directly from $_GET, $_POST, or $_REQUEST. A workaround is to always prefix an underscore to the field name.
chris at chlab dot ch ¶
1 year ago
To use a class method for a callback function, as usual, provide an array with an instance of the class and the method name.
Example:
<?php
class myValidator
{
public function username($value)
{
// return username or boolean false
}
}
$myValidator = new myValidator;
$options = array('options' => array($myValidator, 'username'));
$username = filter_input(INPUT_GET, 'username', FILTER_CALLBACK, $options);
var_dump($username);
?>
Maksym Karazeev ¶
4 years ago
Just a tip.
Note how to setup default filter for filter_var_array
When I tried to use filter_var_array and didn't mentioned all array indexes in definition it filtered it with some filter and broke values so using this tip corrected everything
<?php
$def = array_map(create_function('', 'return array("filter"=>FILTER_UNSAFE_RAW);'), $input);
?>
Marques Johansson ¶
5 years ago
Despite the documentation for 'type', you can specify multiple types by doing:
$test = filter_input(INPUT_GET | INPUT_POST, 'test');
This was tested in 5.2.3.
When both are set it appears to return the value defined first by variables_order (php.ini).
This trick does not seem to work in filter_input_array though. Neither function supports INPUT_REQUEST at the moment.
anthony dot parsons at manx dot net ¶
5 years ago
FastCGI seems to cause strange side-effects with unexpected null values when using INPUT_SERVER and INPUT_ENV with this function. You can use this code to see if it affects your server:
<?php
var_dump($_SERVER);
foreach ( array_keys($_SERVER) as $b ) {
var_dump($b, filter_input(INPUT_SERVER, $b));
}
echo '<hr>';
var_dump($_ENV);
foreach ( array_keys($_ENV) as $b ) {
var_dump($b, filter_input(INPUT_ENV, $b));
}
?>
If you want to be on the safe side, using the superglobal $_SERVER and $_ENV variables will always work. You can still use the filter_* functions for Get/Post/Cookie without a problem, which is the important part!
vid at phpcult dot com ¶
5 years ago
If you want to use the callback filter with filter_input, you need to do something like:
$args = array ('options' => 'mycallbackfunction');
$foobar = filter_input(INPUT_POST,'postedvariable',FILTER_CALLBACK,$args);