Types of filters
在线手册:中文 英文
PHP手册

Validate filters

Listing of filters for validation
ID Name Options Flags Description
FILTER_VALIDATE_BOOLEAN "boolean"   FILTER_NULL_ON_FAILURE

Returns TRUE for "1", "true", "on" and "yes". Returns FALSE otherwise.

If FILTER_NULL_ON_FAILURE is set, FALSE is returned only for "0", "false", "off", "no", and "", and NULL is returned for all non-boolean values.

FILTER_VALIDATE_EMAIL "validate_email"     Validates value as e-mail.
FILTER_VALIDATE_FLOAT "float" decimal FILTER_FLAG_ALLOW_THOUSAND Validates value as float.
FILTER_VALIDATE_INT "int" min_range, max_range FILTER_FLAG_ALLOW_OCTAL, FILTER_FLAG_ALLOW_HEX Validates value as integer, optionally from the specified range.
FILTER_VALIDATE_IP "validate_ip"   FILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges.
FILTER_VALIDATE_REGEXP "validate_regexp" regexp   Validates value against regexp, a Perl-compatible regular expression.
FILTER_VALIDATE_URL "validate_url"   FILTER_FLAG_PATH_REQUIRED, FILTER_FLAG_QUERY_REQUIRED Validates value as URL (according to » http://www.faqs.org/rfcs/rfc2396), optionally with required components. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail.

Note:

Numbers +0 and -0 are not valid integers but validate as floats.


Types of filters
在线手册:中文 英文
PHP手册
PHP手册 - N: Validate filters

用户评论:

Tom (09-Apr-2012 06:08)

Be aware!

In contrary to what the docs say (at least in PHP 5.3.1), this line:

$value = filter_var(FALSE, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);

Will return NULL - not false. In other words: a boolean FALSE is not considered a valid boolean value by this function.

Also:

$value = filter_var("", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);

Will also return NULL - no matter what the docs say. So (string) FALSE is not considered a valid boolean input either.

Thus be aware the that correct usage/workaround for this filter is:

if (!is_bool($value)) {
    $value= filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}

For those of you who feel this is counterintuitive, note that there is an issue filed for this in the bug-tracker.
So you might want to follow the discussion there or vote for issue #49510.

Levi Morrison (26-Oct-2011 08:10)

It's important to note that in PHP, false==null is true.  This means when you are using the FILTER_VALIDATE_BOOLEAN, you must use '===' and '!==' to check to see if something is/isn't null.

<?php
$false
= filter_var('0', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);

if (
$false==null) {
   
//will execute
}

if (
$false===null) {
   
//will not execute
}
?>

Griff (01-Sep-2011 12:28)

<< FILTER_VALIDATE_EMAIL allows incomplete e-mail addresses to be validated, for examle john@gmail will validate as a proper e-mail address >>

"Plain" hostnames with no dots are valid in email addresses -
for example, "me@localhost".

php at sethsyberg dot com (07-Apr-2011 09:00)

When validating floats, you must use the Identical/Not identical operators for proper validation of zeros:

This will not work as expected:
<?php
$x
= 0;
if (!
filter_var($x, FILTER_VALIDATE_FLOAT)) {
    echo
"$x is a valid float";
} else {
    echo
"$x is NOT a valid float";
}
?>

This will work as expected:
<?php
$x
= 0;
if (
filter_var($x, FILTER_VALIDATE_FLOAT)!== false) {
    echo
"$x is a valid float";
} else {
    echo
"$x is NOT a valid float";
}
?>

chastell at chastell dot net (15-Mar-2011 03:54)

example@example is a perfectly valid email address – I use chastell@localhost and chastell@devielle (my computer’s name) email addresses all the time and they get delivered just fine.

eleljrk at gmail dot com (19-Feb-2011 03:23)

For PHP 5.3.1 FILTER_VALIDATE_EMAIL does validate incomplete email addresses such as: example@example

Otherwise it's really good because FILTER_VALIDATE_EMAIL validates the standards of the local part very well.

This is a valid email address:
"this is a valid email@[]{}and it should be"@example.com
And FILTER_VALIDATE_EMAIL validate it.

But this isn't a valid email address:
"this is a valid email@[]{}and it should be"@example
However, FILTER_VALIDATE_EMAIL does validate it.

php dot net at piskvor dot org (11-Feb-2011 04:57)

FILTER_VALIDATE_EMAIL is discarding valid e-mail addresses containing IDN. Since there are real, live IDNs on the Internet, that means the filtered output is too strict, leading to false negatives.

Punycode-encoded IDN addresses pass the filter correctly; so before checking for validity, it is necessary to convert the e-mail address to punycode.

Clifton (05-Jan-2011 04:00)

FILTER_VALIDATE_EMAIL does NOT allow incomplete e-mail addresses to be validated as mentioned by Tomas.

Using the following code:

<?php
$email
= "clifton@example"; //Note the .com missing
echo "PHP Version: ".phpversion().'<br>';
if(
filter_var($email, FILTER_VALIDATE_EMAIL)){
    echo
$email.'<br>';
   
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}else{
   
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));   
}
?>

Returns:
PHP Version: 5.2.14 //On MY server, may be different depending on which version you have installed.
bool(false)

While the following code:

<?php
$email
= "clifton@example.com"; //Note the .com added
echo "PHP Version: ".phpversion().'<br>';
if(
filter_var($email, FILTER_VALIDATE_EMAIL)){
    echo
$email.'<br>';
   
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}else{
   
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));   
}
?>

Returns:
PHP Version: 5.2.14 //On MY server, may be different depending on which version you have installed.
clifton@example.com
string(16) "clifton@example.com"

This feature is only available for PHP Versions (PHP 5 >= 5.2.0) according to documentation. So make sure your version is correct.

Cheers,
Clifton

tomas dot chlouba at gmail dot com (18-Dec-2010 04:42)

FILTER_VALIDATE_EMAIL allows incomplete e-mail addresses to be validated, for examle john@gmail will validate as a proper e-mail address.

pravila at alumni dot calpoly dot edu (21-Mar-2010 04:53)

Take caution when using the FILTER_VALIDATE_BOOLEAN filter as it seems to have different behaviors when used in the filter_var() vs. the filter_input() functions.

To demonstrate, let's parse some arguments from a GET request (notice how arg2 is NOT set):

example.com/script.php?arg1=yes&arg3=no

<?php
// filtering by variable
$var1 = filter_var($_GET["arg1"], FILTER_VALIDATE_BOOLEAN);
$var2 = filter_var($_GET["arg2"], FILTER_VALIDATE_BOOLEAN);
$var3 = filter_var($_GET["arg3"], FILTER_VALIDATE_BOOLEAN);

// filtering by input
$input1 = filter_input(INPUT_GET, "arg1", FILTER_VALIDATE_BOOLEAN);
$input2 = filter_input(INPUT_GET, "arg2", FILTER_VALIDATE_BOOLEAN);
$input3 = filter_input(INPUT_GET, "arg3", FILTER_VALIDATE_BOOLEAN);

// as expected...
var_dump($var1);      // bool(true)
var_dump($var2);      // bool(false)
var_dump($var3);      // bool(false)

// NULL is not an expected return...
var_dump($input1);    // bool(true)
var_dump($input2);    // NULL
var_dump($input3);    // bool(false)
?>

As per the documentation, the return is limited to true XOR false unless the FILTER_NULL_ON_FAILURE flag is set, but it seems as if this flag is set automatically with the filter_input() function.

(Note: same behavior for filter_var_array() vs. filter_input_array())