The filter_input() function takes input from outside the script (such as form input) and filters it.
This function is used to validate variables from non-secure sources, such as user input.
This function can take input from various sources:
INPUT_GET
INPUT_POST
INPUT_COOKIE
INPUT_ENV
INPUT_SERVER
INPUT_SESSION (not yet implemented)
INPUT_REQUEST (not yet implemented)
If successful, the filtered data is returned. If it fails, returns FALSE. If the "variable" parameter is not set, NULL is returned.
filter_input(input_type, variable, filter, options)
| parameter | describe |
|---|---|
| input_type | Required. Specifies the input type. See the list of possible types above. |
| variable | Required. Specifies the variables to filter. |
| filter | Optional. Specifies the ID of the filter to use. The default is FILTER_SANITIZE_STRING. See the complete PHP Filter reference manual to view possible filters. The filter ID can be an ID name (such as FILTER_VALIDATE_EMAIL) or an ID number (such as 274). |
| options | Optional. Specifies an associative array of flags/options or a single flag/option. Check the possible flags and options for each filter. |
In this example, we use the filter_input() function to filter a POST variable. The POST variable received is a valid e-mail address:
<?phpif (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) { echo "E-Mail is not valid"; }else { echo "E-Mail is valid"; }?>The output of the code looks like this:
Email is valid