Php/docs/filter.filters.sanitize

来自菜鸟教程
跳转至:导航、​搜索

Sanitize filters

List of filters for sanitization
ID Name Flags Description
FILTER_SANITIZE_EMAIL "email"   Remove all characters except letters, digits and

!#$%&'*+-=?^_`{|}~@.[].

FILTER_SANITIZE_ENCODED "encoded" FILTER_FLAG_STRIP_LOW,

FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH

URL-encode string, optionally strip or encode special characters.
FILTER_SANITIZE_MAGIC_QUOTES "magic_quotes"   Apply addslashes().
FILTER_SANITIZE_NUMBER_FLOAT "number_float" FILTER_FLAG_ALLOW_FRACTION,

FILTER_FLAG_ALLOW_THOUSAND, FILTER_FLAG_ALLOW_SCIENTIFIC

Remove all characters except digits, +- and

optionally .,eE.

FILTER_SANITIZE_NUMBER_INT "number_int"   Remove all characters except digits, plus and minus sign.
FILTER_SANITIZE_SPECIAL_CHARS "special_chars" FILTER_FLAG_STRIP_LOW,

FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_HIGH

HTML-escape '"<>& and characters with

ASCII value less than 32, optionally strip or encode other special characters.

FILTER_SANITIZE_FULL_SPECIAL_CHARS "full_special_chars" FILTER_FLAG_NO_ENCODE_QUOTES, Equivalent to calling htmlspecialchars() with ENT_QUOTES set. Encoding quotes can

be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars(), this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0.

FILTER_SANITIZE_STRING "string" FILTER_FLAG_NO_ENCODE_QUOTES,

FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP

Strip tags, optionally strip or encode special characters.
FILTER_SANITIZE_STRIPPED "stripped"   Alias of "string" filter.
FILTER_SANITIZE_URL "url"   Remove all characters except letters, digits and

$-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=.

FILTER_UNSAFE_RAW "unsafe_raw" FILTER_FLAG_STRIP_LOW,

FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_BACKTICK, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP

Do nothing, optionally strip or encode special characters. This

filter is also aliased to FILTER_DEFAULT.

Warning When using one of these filters as a default filter either through your ini file or through your web server's configuration, the default flags is set to FILTER_FLAG_NO_ENCODE_QUOTES. You need to explicitly set filter.default_flags to 0 to have quotes encoded by default. Like this:

Example #1 Configuring the default filter to act like htmlspecialchars

filter.default = full_special_charsfilter.default_flags = 0

更新日志

版本 说明
5.2.11/5.3.1 Slashes (/) are removed by

FILTER_SANITIZE_EMAIL. Prior they were retained.