Validate filters
| ID | Name | Options | Flags | Description |
|---|---|---|---|---|
FILTER_VALIDATE_BOOLEAN | "boolean" | default | FILTER_NULL_ON_FAILURE |
Returns
If |
FILTER_VALIDATE_EMAIL | "validate_email" | default | Validates whether the value is a valid e-mail address. In general, this validates e-mail addresses against the syntax in RFC 822, with the exceptions that comments and whitespace folding are not supported. | |
FILTER_VALIDATE_FLOAT | "float" | default,
decimal | FILTER_FLAG_ALLOW_THOUSAND | Validates value as float, and converts to float on success. |
FILTER_VALIDATE_INT | "int" | default,
min_range,
max_range | FILTER_FLAG_ALLOW_OCTAL ,
FILTER_FLAG_ALLOW_HEX | Validates value as integer, optionally from the specified range, and converts to int on success. |
FILTER_VALIDATE_IP | "validate_ip" | default | FILTER_FLAG_IPV4 ,
FILTER_FLAG_IPV6 ,
FILTER_FLAG_NO_PRIV_RANGE ,
FILTER_FLAG_NO_RES_RANGE | Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges. |
FILTER_VALIDATE_MAC | "validate_mac_address" | default | Validates value as MAC address. | |
FILTER_VALIDATE_REGEXP | "validate_regexp" | default,
regexp |
Validates value against regexp, a
Perl-compatible regular expression.
| |
FILTER_VALIDATE_URL | "validate_url" | default | FILTER_FLAG_PATH_REQUIRED ,
FILTER_FLAG_QUERY_REQUIRED | Validates value as URL (according to » http://www.faqs.org/rfcs/rfc2396), optionally with required components. Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, e.g. ssh:// or mailto:. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail. |
Note:
As of PHP 5.4.11, the numbers +0 and -0 validate as both integers as well as floats (using
FILTER_VALIDATE_FLOATandFILTER_VALIDATE_INT). Before PHP 5.4.11 they only validated as floats (usingFILTER_VALIDATE_FLOAT).When
defaultis set to option,default's value is used if value is not validated.
更新日志
| 版本 | 说明 |
|---|---|
| 5.5.0 |
Added FILTER_VALIDATE_MAC |
用户评论:
[#1] rsnell at usgs dot gov [2015-11-25 17:18:03]
Note that if using FILTER_NULL_ON_FAILURE as a flag with the FILTER_VALIDATE_BOOLEAN id then NULL is no longer returned if the variable name is not set in the external variable array. It will instead return FALSE. In the description is says that when using the FILTER_NULL_ON_FAILURE flag that ' FALSE is returned only for "0", "false", "off", "no", and ""' an makes no mention of this additional state that can also return false. The behavior is mentioned on the filter_input documentation page under Return Values but that is not overly helpful if one is just looking here.
If FILTER_NULL_ON_FAILURE is not used then NULL is returned when the variable name is not set in the external variable array, TRUE is returned for "1", "true", "on" and "yes" and FALSE is returned for everything else.
[#2] william at crandell dot ws [2015-09-20 08:43:12]
FILTER_VALIDATE_EMAIL on localhost emails will fail except when
used in conjunction with a subdomain such as www.localhost
FYI Sub domains generally are setup outside of the scope of php configurations.
Using the following code:
<?php
$email = "user@localhost";
echo "PHP Version: ".phpversion().'<br>';
if(filter_var($email, FILTER_VALIDATE_EMAIL)){
echo $email.'<br>';
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}else{
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}
?>
Returns:
PHP Version: 5.5.29 //On MY server
bool(false)
While the following code:
<?php
$email = "user@www.localhost"; //Note the added subdomain www
echo "PHP Version: ".phpversion().'<br>';
if(filter_var($email, FILTER_VALIDATE_EMAIL)){
echo $email.'<br>';
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}else{
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}
?>
Returns:
PHP Version: 5.5.29 //On MY server
user@www.localhost
string(18) "user@www.localhost"
[#3] Lech [2015-09-05 20:41:31]
The description for FILTER_VALIDATE_URL seems incorrect/misleading. "Beware a valid URL may not specify the HTTP protocol" implies a valid URL cannot specify the HTTP protocol. I think "Beware a valid URL need not specify..." would be better.
[#4] Inigo [2015-08-21 19:54:48]
The correct way to use min_range and max_range in FILTER_VALIDATE_INT is not to just add those as keys of an array with respective values as third parameter.
But you have to include this array as a value of the key 'options'.
i.e.
<?php
echo filter_var(5, FILTER_VALIDATE_INT,array('min_range'=>0,'max_range'=>4)) ? 'true' :'false';
echo ' ';
echo filter_var(5, FILTER_VALIDATE_INT,array("options" =>array('min_range'=>0,'max_range'=>4))) ? 'true' :'false';
//output true false
?>
source: http://www.w3schools.com/php/filter_validate_int.asp
[#5] Wrinkled Cheese [2015-06-09 15:33:54]
When validating a URL, as documented, the protocol is not validated. However, it is required to be present.
For example:
I don't expect a protocol to be present. To validate expected input I have to add a "protocol" as a prefix, and return true or false, and further validate the input.
$r = filter_var(''this.doesnt.matter.so.why.is.it.required://'.$host, FILTER_VALIDATE_URL);
return ($r != '' && $r !== false) ? true : false;
[#6] Darth Killer [2015-06-02 08:54:06]
Contrary to what documentation implies, the FILTER_NULL_ON_FAILURE seem to affect any validation filter, not just FILTER_VALIDATE_BOOLEAN. I've been using that since PHP 5.2, and as of PHP 5.6.8 it still works. I have no clue if it's a blug or if it is as intended, in which case the documentation needs to be fixed.
When the flag is used on a validation filter other than FILTER_VALIDATE_BOOLEAN, as expected the filter will return NULL instead of FALSE upon failure. This is quite useful when filtering a POST form with filter_input_array(), where you don't want to check what field is invalid and what field is missing. Just check if NULL is among the returned elements and you're done.
<?php
$definition = array(
'login' => array(
'filter' => FILTER_VALIDATE_STRING,
'flags' => FILTER_NULL_ON_FAILURE
),
'pwd' => FILTER_UNSAFE_RAW
);
$form_data = filter_input_array(INPUT_POST, $definition);
if(in_array(null, $form_data, true)) {
// invalid form
} else {
// valid form, let's proceed
}
?>
Of course, if you want more precise error messages that approach won't work. But it's still good to know, i believe.
[#7] Luuk [2015-05-25 10:23:21]
@2:
$value = " 0 ";
$filtered = filter_var($value, FILTER_VALIDATE_INT);
if($filtered || $filtered === 0)
{
// validated as an int
}
I think next code is better:
$value = "0";
if(filter_var($value, FILTER_VALIDATE_INT) !== false)
{
.....
[#8] Anonymous [2015-05-22 08:02:19]
FILTER_VALIDATE_FLOAT, decimal option mean decimal notation['.', ','].
[#9] maruerru at gmail dot com [2015-03-26 23:09:01]
Often I see some code like the following:
$value = "12";
if( filter_var($value, FILTER_VALIDATE_INT) )
{
// validated as an int
}
The above works as intended, except when $value is "0". In the above case it will be interpreted as FALSE.
For the correct behavior, you have not only to check if it is equal (==) to false, but also identic (===) to FALSE:
$value = " 0 ";
if( filter_var($value, FILTER_VALIDATE_INT) === FALSE )
{
// validated as an int
}
I hope, I could help.
[#10] bryanwayb at gmail dot com [2015-03-22 04:18:04]
It's good to remember that using filter_var is primarily for filtering input values when doing boolean logic comparisons. Take the following:
$value = "12";
if(filter_var($value, FILTER_VALIDATE_INT))
{
// validated as an int
}
The above works as intended, except when $value = "0". In which case filter_var returns a 0, aka false when used as a boolean.
For the correct behavior, do a zero check.
$value = " 0 ";
$filtered = filter_var($value, FILTER_VALIDATE_INT);
if($filtered || $filtered === 0)
{
// validated as an int
}
[#11] Bastien [2013-09-24 08:05:01]
Rejection of so-called partial domains because of "missing" dot is not following section 2.3.5 of RFC 5321.
It says FQDNs are permitted, and com, org, or va are (well, may be) valids FQDNs. It depends on DNS, not on syntax.
Some TDLs (although few of them) have MX RRs, the for example "abuse@va" is correct.
[#12] rowan dot collins at gmail dot com [2013-03-17 20:22:28]
Regarding "partial" addresses with no . in the domain part, a comment in the source code (in ext/filter/logical_filters.c) justifies this rejection thus:
* The regex below is based on a regex by Michael Rushton.
* However, it is not identical. I changed it to only consider routeable
* addresses as valid. Michael's regex considers a@b a valid address
* which conflicts with section 2.3.5 of RFC 5321 which states that:
*
* Only resolvable, fully-qualified domain names (FQDNs) are permitted
* when domain names are used in SMTP. In other words, names that can
* be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
* in Section 5) are permitted, as are CNAME RRs whose targets can be
* resolved, in turn, to MX or address RRs. Local nicknames or
* unqualified names MUST NOT be used.
[#13] boy at relaxnow dot nl [2012-10-19 14:06:13]
FILTER_VALIDATE_URL does not work with URNs, examples of valid URIs according to RFC3986 and if they are accepted by FILTER_VALIDATE_URL:
[PASS] ftp://ftp.is.co.za.example.org/rfc/rfc1808.txt
[PASS] gopher://spinaltap.micro.umn.example.edu/00/Weather/California/Los%20Angeles
[PASS] http://www.math.uio.no.example.net/faq/compression-faq/part1.html
[PASS] mailto:mduerst@ifi.unizh.example.gov
[PASS] news:comp.infosystems.www.servers.unix
[PASS] telnet://melvyl.ucop.example.edu/
[PASS] http://www.ietf.org/rfc/rfc2396.txt
[PASS] ldap://[2001:db8::7]/c=GB?objectClass?one
[PASS] mailto:John.Doe@example.com
[PASS] news:comp.infosystems.www.servers.unix
[FAIL] tel:+1-816-555-1212
[PASS] telnet://192.0.2.16:80/
[FAIL] urn:oasis:names:specification:docbook:dtd:xml:4.1.2
[#14] bee kay two at em ee dot com [2012-05-06 04:45:29]
Notably missing is a way to validate text entry as printable,
printable multiline,
or printable and safe (tag free)
FILTER_VALIDATE_TEXT, which validates no special characters
perhaps with FILTER_FLAG_ALLOW_NEWLINE
and FILTER_FLAG_NOTAG to disallow tag starters
[#15] Griff [2011-09-01 04:28:30]
<< FILTER_VALIDATE_EMAIL allows incomplete e-mail addresses to be validated, for examle john@gmail will validate as a proper e-mail address >>
"Plain" hostnames with no dots are valid in email addresses -
for example, "me@localhost".
[#16] php at sethsyberg dot com [2011-04-07 13:00:18]
When validating floats, you must use the Identical/Not identical operators for proper validation of zeros:
This will not work as expected:
<?php
$x = 0;
if (!filter_var($x, FILTER_VALIDATE_FLOAT)) {
echo "$x is a valid float";
} else {
echo "$x is NOT a valid float";
}
?>
This will work as expected:
<?php
$x = 0;
if (filter_var($x, FILTER_VALIDATE_FLOAT)!== false) {
echo "$x is a valid float";
} else {
echo "$x is NOT a valid float";
}
?>
[#17] chastell at chastell dot net [2011-03-15 07:54:04]
example@example is a perfectly valid email address ?C I use chastell@localhost and chastell@devielle (my computer??s name) email addresses all the time and they get delivered just fine.
[#18] php dot net at piskvor dot org [2011-02-11 08:57:46]
FILTER_VALIDATE_EMAIL is discarding valid e-mail addresses containing IDN. Since there are real, live IDNs on the Internet, that means the filtered output is too strict, leading to false negatives.
Punycode-encoded IDN addresses pass the filter correctly; so before checking for validity, it is necessary to convert the e-mail address to punycode.
[#19] Clifton [2011-01-05 08:00:01]
FILTER_VALIDATE_EMAIL does NOT allow incomplete e-mail addresses to be validated as mentioned by Tomas.
Using the following code:
<?php
$email = "clifton@example"; //Note the .com missing
echo "PHP Version: ".phpversion().'<br>';
if(filter_var($email, FILTER_VALIDATE_EMAIL)){
echo $email.'<br>';
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}else{
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}
?>
Returns:
PHP Version: 5.2.14 //On MY server, may be different depending on which version you have installed.
bool(false)
While the following code:
<?php
$email = "clifton@example.com"; //Note the .com added
echo "PHP Version: ".phpversion().'<br>';
if(filter_var($email, FILTER_VALIDATE_EMAIL)){
echo $email.'<br>';
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}else{
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}
?>
Returns:
PHP Version: 5.2.14 //On MY server, may be different depending on which version you have installed.
clifton@example.com
string(16) "clifton@example.com"
This feature is only available for PHP Versions (PHP 5 >= 5.2.0) according to documentation. So make sure your version is correct.
Cheers,
Clifton