Sanitize Filters
PHP’s filter functions can be used for validation or sanitizing. These filters are used for sanitizing. This means it will alter the data if needed to meet the requirements as defined by the filter used.
| ID | Flags |
| FILTER_SANITIZE_EMAIL | |
| FILTER_SANITIZE_ENCODED | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH |
| FILTER_SANITIZE_MAGIC_QUOTES | |
| FILTER_SANITIZE_NUMBER_FLOAT | FILTER_FLAG_ALLOW_FRACTION, FILTER_FLAG_ALLOW_THOUSAND, FILTER_FLAG_ALLOW_SCIENTIFIC |
| FILTER_SANITIZE_NUMBER_INT | |
| FILTER_SANITIZE_SPECIAL_CHARS | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_HIGH |
| FILTER_SANITIZE_STRING (or FILTER_SANITIZE_STRIPPED) | FILTER_FLAG_NO_ENCODE_QUOTES, FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP |
| FILTER_SANITIZE_URL | |
| FILTER_UNSAFE_RAW | FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP |
FILTER_SANITIZE_EMAIL: Remove all characters except letters, digits and !#$%&’*+-/=?^_`{|}~@.[]
FILTER_SANITIZE_ENCODED: URL-encode string, optionally strip or encode special characters
FILTER_SANITIZE_MAGIC_QUOTES: Apply addslashes()
FILTER_SANITIZE_NUMBER_FLOAT: Remove all characters except digits, +- and optionally .,eE
FILTER_SANITIZE_NUMBER_INT: Remove all characters except digits, plus and minus sign
FILTER_SANITIZE_SPECIAL_CHARS: HTML-escape ‘”<>& and characters with ASCII value less than 32, optionally strip or encode other special characters
FILTER_SANITIZE_STRING: Strip tags, optionally strip or encode special characters
FILTER_SANITIZE_URL: Remove all characters except letters, digits and $-_.+!*’(),{}|\\^~[]`<>#%”;/?:@&=
FILTER_UNSAFE_RAW: Do nothing, optionally strip or encode special characters