How to use PHP to sanitize or validate the filter with the flags?

Photo of author
Written By geekerhub

Lorem ipsum dolor sit amet consectetur pulvinar ligula augue quis venenatis. 

To use a PHP Filters, we need to use filter_var() function with other predefined Types of Filters.
The filter_var() function filters a variable with the specified filter.

Syntax for filter_var()
filter_var(mixed $value, int $filter = FILTER_DEFAULT, array|int $options = 0);

In a third argument, you can pass more than one filter flags options using bitwise OR (| operator) of the flag values
For example:

Return Values
Returns the filtered data, or false if the filter fails.

The FILTER_VALIDATE_BOOLEAN filter validates the value as a boolean option.

Possible return values:
Returns TRUE for “1”, “true”, “on” and “yes”
Returns FALSE for “0”, “false”, “off” and “no”
Returns NULL on failure if FILTER_NULL_ON_FAILURE is set

	$var1 ="Hello";
	$var2 = 23;

	echo "<br>";

		The output of the code will be:
List of Filters and available Flags
Listing of filters for validation
ID Name Flags Description

Returns true for “1”, “true”, “on” and “yes”. Returns false otherwise.

If FILTER_NULL_ON_FAILURE is set, false is returned only for “0”, “false”, “off”, “no”, and “”, and null is returned for all non-boolean values.


Validates whether the domain name label lengths are valid.

Validates domain names against RFC 1034, RFC 1035, RFC 952, RFC 1123, RFC 2732, RFC 2181, and RFC 1123. Optional flag FILTER_FLAG_HOSTNAME adds ability to specifically validate hostnames (they must start with an alphanumeric character and contain only alphanumerics or hyphens).


Validates whether the value is a valid e-mail address.

In general, this validates e-mail addresses against the addr-specsyntax in » RFC 822, with the exceptions that comments and whitespace folding and dotless domain names are not supported.

FILTER_VALIDATE_FLOAT “float” FILTER_FLAG_ALLOW_THOUSAND, FILTER_NULL_ON_FAILURE Validates value as float, optionally from the specified range, and converts to float on success.
FILTER_VALIDATE_INT “int” FILTER_FLAG_ALLOW_OCTAL, FILTER_FLAG_ALLOW_HEX, FILTER_NULL_ON_FAILURE Validates value as integer, optionally from the specified range, and converts to int on success.
FILTER_VALIDATE_IP “validate_ip” FILTER_FLAG_IPV4, FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE, FILTER_NULL_ON_FAILURE Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges.
FILTER_VALIDATE_MAC “validate_mac_address” FILTER_NULL_ON_FAILURE Validates value as MAC address.
FILTER_VALIDATE_REGEXP “validate_regexp” FILTER_NULL_ON_FAILURE Validates value against regexp, a Perl-compatible regular expression.
FILTER_VALIDATE_URL “validate_url” FILTER_FLAG_SCHEME_REQUIRED, FILTER_FLAG_HOST_REQUIRED, FILTER_FLAG_PATH_REQUIRED, FILTER_FLAG_QUERY_REQUIRED, FILTER_NULL_ON_FAILURE Validates value as URL (according to », optionally with required components. Beware a valid URL may not specify the HTTP protocol http:// so further validation may be required to determine the URL uses an expected protocol, e.g. ssh:// or mailto:. Note that the function will only find ASCII URLs to be valid; internationalized domain names (containing non-ASCII characters) will fail.

Leave a Comment