filter_id
Beware: if none of the arguments is set, this function returns NULL, not an array of NULL values.
/* No POST vars set in request
$_POST = array();
*/
$args = array('some_post_var' => FILTER_VALIDATE_INT);
$myinputs = filter_input_array(INPUT_POST, $args);
var_dump($myinputs);
Expected Output: array(1) { ["some_post_var"]=> NULL }
Actual Output: NULL
filter_input_array
(PHP 5 >= 5.2.0)
filter_input_array — Gets external variables and optionally filters them
Description
This function is useful for retrieving many values without repetitively calling filter_input().
Parameters
-
type -
One of
INPUT_GET,INPUT_POST,INPUT_COOKIE,INPUT_SERVER, orINPUT_ENV. -
definition -
An array defining the arguments. A valid key is a string containing a variable name and a valid value is either a filter type, or an array optionally specifying the filter, flags and options. If the value is an array, valid keys are filter which specifies the filter type, flags which specifies any flags that apply to the filter, and options which specifies any options that apply to the filter. See the example below for a better understanding.
This parameter can be also an integer holding a filter constant. Then all values in the input array are filtered by this filter.
Return Values
An array containing the values of the requested variables on success, or FALSE
on failure. An array value will be FALSE if the filter fails, or NULL if
the variable is not set. Or if the flag FILTER_NULL_ON_FAILURE
is used, it returns FALSE if the variable is not set and NULL if the filter
fails.
Examples
Example #1 A filter_input_array() example
<?php
error_reporting(E_ALL | E_STRICT);
/* data actually came from POST
$_POST = array(
'product_id' => 'libgd<script>',
'component' => '10',
'versions' => '2.0.33',
'testscalar' => array('2', '23', '10', '12'),
'testarray' => '2',
);
*/
$args = array(
'product_id' => FILTER_SANITIZE_ENCODED,
'component' => array('filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_ARRAY,
'options' => array('min_range' => 1, 'max_range' => 10)
),
'versions' => FILTER_SANITIZE_ENCODED,
'doesnotexist' => FILTER_VALIDATE_INT,
'testscalar' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_SCALAR,
),
'testarray' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_ARRAY,
)
);
$myinputs = filter_input_array(INPUT_POST, $args);
var_dump($myinputs);
echo "\n";
?>
The above example will output:
array(6) {
["product_id"]=>
array(1) {
[0]=>
string(17) "libgd%3Cscript%3E"
}
["component"]=>
array(1) {
[0]=>
int(10)
}
["versions"]=>
array(1) {
[0]=>
string(6) "2.0.33"
}
["doesnotexist"]=>
NULL
["testscalar"]=>
bool(false)
["testarray"]=>
array(1) {
[0]=>
int(2)
}
}
Notes
Note:
There is no REQUEST_TIME key in
INPUT_SERVERarray because it is inserted into the $_SERVER later.
See Also
- filter_input() - Gets a specific external variable by name and optionally filters it
- filter_var_array() - Gets multiple variables and optionally filters them
- Types of filters
add a note
User Contributed Notes
filter_input_array
Anonymous
22-Apr-2010 12:12
ville at N0SPAM dot zydo dot com
13-Mar-2010 03:18
While filtering input arrays, be careful of what flags you set besides FILTER_REQUIRE_ARRAY. For example, setting the flags like so:
<?php
$filter = array(
'myInputArr' => array('filter' => FILTER_SANITIZE_STRING,
'flags' => array('FILTER_FLAG_STRIP_LOW', 'FILTER_REQUIRE_ARRAY'))
);
$form_inputs = filter_input_array(INPUT_POST, $filter);
?>
.. will result in a blank $form_inputs['myInputArr'] regardless of what $_POST['myInputArr'] contains.
kibblewhite at live dot com
26-Jan-2009 07:35
If you are trying to handling multiple form inputs with same name, then you must assign the `'flags' => FILTER_REQUIRE_ARRAY` to the definitions entry.
Example, you have a html form as such:
<form>
<input name="t1[]" value="Some string One" />
<input name="t1[]" value="Another String Two" />
</form>
Your definitions array will look a little like this:
$args = array(
't1' => array(
'name' => 't1',
'filter' => FILTER_SANITIZE_STRING,
'flags' => FILTER_REQUIRE_ARRAY)
);
kdeloach at gmail dot com
12-Aug-2008 12:42
@iam4webwork
This is not specific to filter_input. If you have an element in HTML called names[], it can be accessed by calling $_POST['names'].
Kevin
08-Jul-2008 06:37
Looks like filter_input_array isn't aware of changes to the input arrays that were made before calling filter_input_array. Instead, it always looks at the originally submitted input arrays.
So this will not work:
$_POST['my_float_field'] = str_replace(',','.',$_POST['my_float_field']);
$args = array('my_float_field',FILTER_VALIDATE_FLOAT);
$result = filter_input_array(INPUT_POST, $args);
phpnotes dot 20 dot zsh at spamgourmet dot com
10-Sep-2007 10:32
The above example will actually output "NULL" because of the undefined variable doesnotexist - see http://bugs.php.net/bug.php?id=42608.
Sinured
22-Aug-2007 10:10
extract() is a very convenient way of copying all those variables to the local scope. (see http://www.php.net/extract)
iam4webwork at NOSPAM dot hotmail dot com
08-Jun-2007 01:02
The above example raises other questions such as how one would validate an html array. In the input form each input tag that refers to an html array would be named for example testarray[]. However, after the form is submitted, the syntax for validating the values is different from the expected $_POST['testarray[]']. Instead one has to drop the braces and validate as follows, assuming that testarray[] is supposed to be an html array of numerical values:
Valid test:
echo '*';
echo filter_input(
INPUT_POST,
'testarray',
FILTER_VALIDATE_INT,
FILTER_REQUIRE_ARRAY
);
echo '*';
But the following is an invalid test that results in 2 consequtive asterisks only!
echo '*';
echo filter_input(INPUT_POST,
'testarray[]',
FILTER_VALIDATE_INT,
FILTER_REQUIRE_ARRAY
);
echo '*';
So, there is a naming inconsistency going on, as after the form is submitted, one has to forget about the original name of the submitted array by dropping its braces. Maybe when the PECL/Filter extension is reviewed again, the great ones might consider making the syntax a little more forgiving.