フィルタの型
Notably missing is a way to validate text entry as printable,
printable multiline,
or printable and safe (tag free)
FILTER_VALIDATE_TEXT, which validates no special characters
perhaps with FILTER_FLAG_ALLOW_NEWLINE
and FILTER_FLAG_NOTAG to disallow tag starters
検証フィルタ
| ID | 名前 | オプション | フラグ | 説明 |
|---|---|---|---|---|
FILTER_VALIDATE_BOOLEAN |
"boolean" |
FILTER_NULL_ON_FAILURE
|
"1"、"true"、"on" および "yes" の場合に
|
|
FILTER_VALIDATE_EMAIL |
"validate_email" | 値が e-mail 形式であるかどうかを検証します。 | ||
FILTER_VALIDATE_FLOAT |
"float" |
decimal
|
FILTER_FLAG_ALLOW_THOUSAND
|
値が float であるかどうかを検証します。 |
FILTER_VALIDATE_INT |
"int" |
min_range,
max_range
|
FILTER_FLAG_ALLOW_OCTAL,
FILTER_FLAG_ALLOW_HEX
|
値が整数であるかどうか、オプションで指定した範囲内にあるかどうかを検証します。 |
FILTER_VALIDATE_IP |
"validate_ip" |
FILTER_FLAG_IPV4,
FILTER_FLAG_IPV6,
FILTER_FLAG_NO_PRIV_RANGE,
FILTER_FLAG_NO_RES_RANGE
|
値が IP アドレスであるかどうかを検証します。 オプションで IPv4 あるいは IPv6 のみの指定、 プライベートアドレスや予約済みアドレスではないことの指定もできます。 | |
FILTER_VALIDATE_REGEXP |
"validate_regexp" |
regexp
|
値が、Perl 互換の
正規表現 regexp に一致するかどうかを検証します。
|
|
FILTER_VALIDATE_URL |
"validate_url" |
FILTER_FLAG_PATH_REQUIRED,
FILTER_FLAG_QUERY_REQUIRED
|
値が URL 形式である (» http://www.faqs.org/rfcs/rfc2396 に準拠している) かどうか、 オプションで、必須コンポーネントが含まれているかどうかを検証します。 この関数は、ASCII の URL のみを正しいとみなすことに注意しましょう。 国際化ドメイン名 (非 ASCII 文字を含むもの) は失敗します。 |
注意:
+0 および -0 は integer としては無効ですが float としては有効と見なされます。
add a note
User Contributed Notes
検証フィルタ
bee kay two at em ee dot com
05-May-2012 10:45
Tom
09-Apr-2012 04:08
Be aware!
In contrary to what the docs say (at least in PHP 5.3.1), this line:
$value = filter_var(FALSE, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
Will return NULL - not false. In other words: a boolean FALSE is not considered a valid boolean value by this function.
Also:
$value = filter_var("", FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
Will also return NULL - no matter what the docs say. So (string) FALSE is not considered a valid boolean input either.
Thus be aware the that correct usage/workaround for this filter is:
if (!is_bool($value)) {
$value= filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}
For those of you who feel this is counterintuitive, note that there is an issue filed for this in the bug-tracker.
So you might want to follow the discussion there or vote for issue #49510.
Levi Morrison
26-Oct-2011 06:10
It's important to note that in PHP, false==null is true. This means when you are using the FILTER_VALIDATE_BOOLEAN, you must use '===' and '!==' to check to see if something is/isn't null.
<?php
$false = filter_var('0', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
if ($false==null) {
//will execute
}
if ($false===null) {
//will not execute
}
?>
Griff
31-Aug-2011 10:28
<< FILTER_VALIDATE_EMAIL allows incomplete e-mail addresses to be validated, for examle john@gmail will validate as a proper e-mail address >>
"Plain" hostnames with no dots are valid in email addresses -
for example, "me@localhost".
php at sethsyberg dot com
07-Apr-2011 07:00
When validating floats, you must use the Identical/Not identical operators for proper validation of zeros:
This will not work as expected:
<?php
$x = 0;
if (!filter_var($x, FILTER_VALIDATE_FLOAT)) {
echo "$x is a valid float";
} else {
echo "$x is NOT a valid float";
}
?>
This will work as expected:
<?php
$x = 0;
if (filter_var($x, FILTER_VALIDATE_FLOAT)!== false) {
echo "$x is a valid float";
} else {
echo "$x is NOT a valid float";
}
?>
chastell at chastell dot net
15-Mar-2011 01:54
example@example is a perfectly valid email address – I use chastell@localhost and chastell@devielle (my computer’s name) email addresses all the time and they get delivered just fine.
eleljrk at gmail dot com
19-Feb-2011 12:23
For PHP 5.3.1 FILTER_VALIDATE_EMAIL does validate incomplete email addresses such as: example@example
Otherwise it's really good because FILTER_VALIDATE_EMAIL validates the standards of the local part very well.
This is a valid email address:
"this is a valid email@[]{}and it should be"@example.com
And FILTER_VALIDATE_EMAIL validate it.
But this isn't a valid email address:
"this is a valid email@[]{}and it should be"@example
However, FILTER_VALIDATE_EMAIL does validate it.
php dot net at piskvor dot org
11-Feb-2011 01:57
FILTER_VALIDATE_EMAIL is discarding valid e-mail addresses containing IDN. Since there are real, live IDNs on the Internet, that means the filtered output is too strict, leading to false negatives.
Punycode-encoded IDN addresses pass the filter correctly; so before checking for validity, it is necessary to convert the e-mail address to punycode.
Clifton
05-Jan-2011 01:00
FILTER_VALIDATE_EMAIL does NOT allow incomplete e-mail addresses to be validated as mentioned by Tomas.
Using the following code:
<?php
$email = "clifton@example"; //Note the .com missing
echo "PHP Version: ".phpversion().'<br>';
if(filter_var($email, FILTER_VALIDATE_EMAIL)){
echo $email.'<br>';
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}else{
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}
?>
Returns:
PHP Version: 5.2.14 //On MY server, may be different depending on which version you have installed.
bool(false)
While the following code:
<?php
$email = "clifton@example.com"; //Note the .com added
echo "PHP Version: ".phpversion().'<br>';
if(filter_var($email, FILTER_VALIDATE_EMAIL)){
echo $email.'<br>';
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}else{
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL));
}
?>
Returns:
PHP Version: 5.2.14 //On MY server, may be different depending on which version you have installed.
clifton@example.com
string(16) "clifton@example.com"
This feature is only available for PHP Versions (PHP 5 >= 5.2.0) according to documentation. So make sure your version is correct.
Cheers,
Clifton
tomas dot chlouba at gmail dot com
18-Dec-2010 01:42
FILTER_VALIDATE_EMAIL allows incomplete e-mail addresses to be validated, for examle john@gmail will validate as a proper e-mail address.
pravila at alumni dot calpoly dot edu
21-Mar-2010 02:53
Take caution when using the FILTER_VALIDATE_BOOLEAN filter as it seems to have different behaviors when used in the filter_var() vs. the filter_input() functions.
To demonstrate, let's parse some arguments from a GET request (notice how arg2 is NOT set):
example.com/script.php?arg1=yes&arg3=no
<?php
// filtering by variable
$var1 = filter_var($_GET["arg1"], FILTER_VALIDATE_BOOLEAN);
$var2 = filter_var($_GET["arg2"], FILTER_VALIDATE_BOOLEAN);
$var3 = filter_var($_GET["arg3"], FILTER_VALIDATE_BOOLEAN);
// filtering by input
$input1 = filter_input(INPUT_GET, "arg1", FILTER_VALIDATE_BOOLEAN);
$input2 = filter_input(INPUT_GET, "arg2", FILTER_VALIDATE_BOOLEAN);
$input3 = filter_input(INPUT_GET, "arg3", FILTER_VALIDATE_BOOLEAN);
// as expected...
var_dump($var1); // bool(true)
var_dump($var2); // bool(false)
var_dump($var3); // bool(false)
// NULL is not an expected return...
var_dump($input1); // bool(true)
var_dump($input2); // NULL
var_dump($input3); // bool(false)
?>
As per the documentation, the return is limited to true XOR false unless the FILTER_NULL_ON_FAILURE flag is set, but it seems as if this flag is set automatically with the filter_input() function.
(Note: same behavior for filter_var_array() vs. filter_input_array())