[edit] Last updated: Fri, 10 Feb 2012

filter_input

(PHP 5 >= 5.2.0)

filter_input — 指定した名前の変数を外部から受け取り、オプションでそれをフィルタリングする

説明

mixed filter_input ( int $type , string $variable_name [, int $filter = FILTER_DEFAULT [, mixed $options ]] )

パラメータ

type: INPUT_GET、INPUT_POST、 INPUT_COOKIE、INPUT_SERVER あるいは INPUT_ENV のいずれか。
variable_name: 取得する変数の名前。
filter: 適用するフィルタの ID。フィルタの型に、利用できるフィルタの一覧があります。
options: オプションあるいはフラグの論理和の連想配列。オプションを指定可能なフィルタの場合、この配列の "flags" フィールドにフラグを指定します。

返り値

成功した場合は要求された変数の値、フィルタリングに失敗した場合に FALSE、あるいは変数 variable_name が設定されていない場合に NULL を返します。フラグ FILTER_NULL_ON_FAILURE が指定されている場合は、変数が設定されていなければ FALSE、フィルタリングに失敗したら NULL を返します。

例

例1 filter_input() の例


<?php
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);
echo "You have searched for $search_html.\n";
echo "<a href='?search=$search_url'>Search again.</a>";
?>

上の例の出力は、たとえば以下のようになります。

You have searched for Me &#38; son.
<a href='?search=Me%20%26%20son'>Search again.</a>

参考

filter_var() - 指定したフィルタでデータをフィルタリングする
filter_input_array() - 外部から変数を受け取り、オプションでそれらをフィルタリングする
filter_var_array() - 複数の変数を受け取り、オプションでそれらをフィルタリングする
フィルタの型

filter_list

filter_input_array

[edit] Last updated: Fri, 10 Feb 2012

add a note User Contributed Notes filter_input

ss23 at ss23 dot geek dot nz 28-Jul-2010 11:37


Note that this function doesn't (or at least doesn't seem to) actually filter based on the current values of $_GET etc. Instead, it seems to filter based off the original values.

<?php

$_GET['search'] = 'foo'; // This has no effect on the filter_input



$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);

$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);

echo "You have searched for $search_html.\n";

echo "<a href='?search=$search_url'>Search again.</a>";

?>



If you need to set a default input value and filter that, use filter_var on your required input variable instead

travismowens at gmail dot com 28-Jul-2010 09:21


I wouldn't recommend people use this function to store their data in a database.  It's best not to encode data when storing it, it's better to store it raw and convert in upon the time of need.



One main reason for this is because if you have a short CHAR(16) field and the text contains encoded characters (quotes, ampersand) you can easily take a 12 character entry which obviously fits, but because of encoding it no longer fits.



Also, while not as common, if you need to use this data in another place, such as a non webpage (perhaps in a desktop app, or to a cell phone SMS or to a pager) the HTML encoded data will appear raw, and now you have to decode the data.



In summary, the best way to architect your system, is to store data as raw, and encode it only the moment you need to.  So this means in your PHP upon doing a SQL query, instead of merely doing an   echo $row['title']  you need to run htmlentities() on your echos, or better yet, an abstract function.

med dot k1987 at yahoo dot com 30-Jun-2010 07:48


Hello,

Does anybody know how to prevent FILTER_SANITIZE_SPECIAL_CHARS from converting the line breaks (\n) into (&#10;).

I'm developing a simple commenting system for my website and I found that the php filter converts \n to &#10; so when using nl2br() there are no line breaks.

help please.

thanks :)

Maksym Karazeev 03-Mar-2009 01:13


Just a tip. 





Note how to setup default filter for filter_var_array





When I tried to use filter_var_array and didn't mentioned all array indexes in definition it filtered it with some filter and broke values so using this tip corrected everything





<?php


$def = array_map(create_function('', 'return array("filter"=>FILTER_UNSAFE_RAW);'), $input);


?>

Marques Johansson 02-Jan-2008 11:30


Despite the documentation for 'type', you can specify multiple types by doing:



$test = filter_input(INPUT_GET | INPUT_POST, 'test');



This was tested in 5.2.3.



When both are set it appears to return the value defined first by variables_order (php.ini).



This trick does not seem to work in filter_input_array though.  Neither function supports INPUT_REQUEST at the moment.

vid at phpcult dot com 10-Dec-2007 12:49


If you want to use the callback filter with filter_input, you need to do something like: 



$args = array ('options' => 'mycallbackfunction'); 



$foobar = filter_input(INPUT_POST,'postedvariable',FILTER_CALLBACK,$args);

anthony dot parsons at manx dot net 23-Aug-2007 02:10


FastCGI seems to cause strange side-effects with unexpected null values when using INPUT_SERVER and INPUT_ENV with this function. You can use this code to see if it affects your server:

<?php

var_dump($_SERVER);

foreach ( array_keys($_SERVER) as $b ) {

    var_dump($b, filter_input(INPUT_SERVER, $b));

}

echo '<hr>';

var_dump($_ENV);

foreach ( array_keys($_ENV) as $b ) {

    var_dump($b, filter_input(INPUT_ENV, $b));

}

?>

If you want to be on the safe side, using the superglobal $_SERVER and $_ENV variables will always work. You can still use the filter_* functions for Get/Post/Cookie without a problem, which is the important part!

add a note