filter_input_array

(PHP 5 >= 5.2.0, PHP 7, PHP 8)

filter_input_array获取一系列外部变量,并且可以通过过滤器处理它们

说明

filter_input_array(int $type, array|int $options = FILTER_DEFAULT, bool $add_empty = true): array|false|null

这个函数当需要获取很多变量却不想重复调用filter_input()时很有用。

参数

type

INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_SERVER, or INPUT_ENV之一。

options

一个定义参数的数组。一个有效的键必须是一个包含变量名的string,一个有效的值要么是一个filter type,或者是一个array 指明了过滤器、标示和选项。如果值是一个数组,那么它的有效的键可以是 filter, 用于指明 filter typeflags 用于指明任何想要用于过滤器的标示,或者 options 用于指明任何想要用于过滤器的选项。 参考下面的例子来更好的理解这段说明。

这个参数也可以是一个filter constant的整数。那么数组中的所有变量都会被这个过滤器所过滤。

add_empty

在返回值中添加 null 作为不存在的键。

返回值

成功时包含请求变量值的数组。如果通过 type 指定的输入数组没有值可以填充,当没有指定 FILTER_NULL_ON_FAILURE flag 时函数返回 null,否则为 false。其它失败返回 false

如果过滤失败,数组值将为 false,如果变量未设置,返回 null。如果使用 FILTER_NULL_ON_FAILURE flag,变量未设置将返回 false,过滤失败将返回 null。如果 add_empty 参数为 false,不会为复位的变量添加数组元素。

示例

示例 #1 filter_input_array() 示例

<?php

/* data actually came from POST
$_POST = array(
'product_id' => 'libgd<script>',
'component' => array('10'),
'version' => '2.0.33',
'testarray' => array('2', '23', '10', '12'),
'testscalar' => '2',
);
*/

$args = array(
'product_id' => FILTER_SANITIZE_ENCODED,
'component' => array('filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_ARRAY,
'options' => array('min_range' => 1, 'max_range' => 10)
),
'version' => FILTER_SANITIZE_ENCODED,
'doesnotexist' => FILTER_VALIDATE_INT,
'testscalar' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_SCALAR,
),
'testarray' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_ARRAY,
)

);

$myinputs = filter_input_array(INPUT_POST, $args);

var_dump($myinputs);
echo
"\n";
?>

以上示例会输出:

array(6) {
  ["product_id"]=>
  string(17) "libgd%3Cscript%3E"
  ["component"]=>
  array(1) {
    [0]=>
    int(10)
  }
  ["version"]=>
  string(6) "2.0.33"
  ["doesnotexist"]=>
  NULL
  ["testscalar"]=>
  int(2)
  ["testarray"]=>
  array(4) {
    [0]=>
    int(2)
    [1]=>
    int(23)
    [2]=>
    int(10)
    [3]=>
    int(12)
  }
}

注释

注意:

INPUT_SERVER 数组中并没有 REQUEST_TIME ,因为它是被稍后插入到 $_SERVER 中的。

参见

add a note add a note

User Contributed Notes 9 notes

up
20
sdupuis at blax dot ca
10 years ago
Note that although you can provide a default filter for the entire input array there is no way to provide a flag for that filter without building the entire definition array yourself.

So here is a small function that can alleviate this hassle!

<?php
function filter_input_array_with_default_flags($type, $filter, $flags, $add_empty = true) {
   
$loopThrough = array();
    switch (
$type) {
        case
INPUT_GET : $loopThrough = $_GET; break;
        case
INPUT_POST : $loopThrough = $_POST; break;
        case
INPUT_COOKIE : $loopThrough = $_COOKIE; break;
        case
INPUT_SERVER : $loopThrough = $_SERVER; break;
        case
INPUT_ENV : $loopThrough = $_ENV; break;
    }
  
   
$args = array();
    foreach (
$loopThrough as $key=>$value) {
       
$args[$key] = array('filter'=>$filter, 'flags'=>$flags);
    }
   
    return
filter_input_array($type, $args, $add_empty);
}
?>
up
18
CertaiN
10 years ago
[New Version]
This function is very useful for filtering complicated array structure.
Also, Some integer bitmasks and invalid UTF-8 sequence detection are available.

Code:
<?php
/**
* @param  integer $type    Constant like INPUT_XXX.
* @param  array   $default Default structure of the specified super global var.
*                          Following bitmasks are available:
*  + FILTER_STRUCT_FORCE_ARRAY - Force 1 dimensional array.
*  + FILTER_STRUCT_TRIM        - Trim by ASCII control chars.
*  + FILTER_STRUCT_FULL_TRIM   - Trim by ASCII control chars,
*                                full-width and no-break space.
* @return array            The value of the filtered super global var.
*/
define('FILTER_STRUCT_FORCE_ARRAY', 1);
define('FILTER_STRUCT_TRIM', 2);
define('FILTER_STRUCT_FULL_TRIM', 4);
function
filter_struct_utf8($type, array $default) {
    static
$func = __FUNCTION__;
    static
$trim = "[\\x0-\x20\x7f]";
    static
$ftrim = "[\\x0-\x20\x7f\xc2\xa0\xe3\x80\x80]";
    static
$recursive_static = false;
    if (!
$recursive = $recursive_static) {
       
$types = array(
           
INPUT_GET => $_GET,
           
INPUT_POST => $_POST,
           
INPUT_COOKIE => $_COOKIE,
           
INPUT_REQUEST => $_REQUEST,
        );
        if (!isset(
$types[(int)$type])) {
            throw new
LogicException('unknown super global var type');
        }
       
$var = $types[(int)$type];
       
$recursive_static = true;
    } else {
       
$var = $type;
    }
   
$ret = array();
    foreach (
$default as $key => $value) {
        if (
$is_int = is_int($value)) {
            if (!(
$value | (
               
FILTER_STRUCT_FORCE_ARRAY |
               
FILTER_STRUCT_FULL_TRIM |
               
FILTER_STRUCT_TRIM
           
))) {
               
$recursive_static = false;
                throw new
LogicException('unknown bitmask');
            }
            if (
$value & FILTER_STRUCT_FORCE_ARRAY) {
               
$tmp = array();
                if (isset(
$var[$key])) {
                    foreach ((array)
$var[$key] as $k => $v) {
                        if (!
preg_match('//u', $k)){
                            continue;
                        }
                       
$value &= FILTER_STRUCT_FULL_TRIM | FILTER_STRUCT_TRIM;
                       
$tmp += array($k => $value ? $value : '');
                    }
                }
               
$value = $tmp;
            }
        }
        if (
$isset = isset($var[$key]) and is_array($value)) {
           
$ret[$key] = $func($var[$key], $value);
        } elseif (!
$isset || is_array($var[$key])) {
           
$ret[$key] = null;
        } elseif (
$is_int && $value & FILTER_STRUCT_FULL_TRIM) {
           
$ret[$key] = preg_replace("/\A{$ftrim}++|{$ftrim}++\z/u", '', $var[$key]);
        } elseif (
$is_int && $value & FILTER_STRUCT_TRIM) {
           
$ret[$key] = preg_replace("/\A{$trim}++|{$trim}++\z/u", '', $var[$key]);
        } else {
           
$ret[$key] = preg_replace('//u', '', $var[$key]);
        }
        if (
$ret[$key] === null) {
           
$ret[$key] = $is_int ? '' : $value;
        }
    }
    if (!
$recursive) {
       
$recursive_static = false;
    }
    return
$ret;
}
?>
up
7
CertaiN
11 years ago
This function is very useful for filtering complicated array structure.

Code:
<?php
function filter_request($var, $default_structure) {

   
$ret = array();

    foreach (
$default_structure as $key => $value) {
        if (!isset(
$var[$key])) {
           
$ret[$key] = $value;
        } elseif (
is_array($value)) {
           
$ret[$key] = filter_request($var[$key], $value);
        } elseif (
is_array($var[$key])) {
           
$ret[$key] = $value;
        } else {
           
$ret[$key] = $var[$key];
        }
    }

    return
$ret;

}
?>

Sample Usage:
<?php
$_GET
['a']['wrong_structure'] = 'foo';
$_GET['b']['c'] = 'CORRECT';
$_GET['b']['d']['wrong_structure'] = 'bar';
$_GET['unneeded_item'] = 'baz';

var_dump(filter_request($_GET, array(
   
'a' => 'DEFAULT',
   
'b' => array(
       
'c' => 'DEFAULT',
       
'd' => 'DEFAULT',
    ),
)));
?>

Sample Result:
array(2) {
  ["a"]=>
  string(21) "DEFAULT"
  ["b"]=>
  array(2) {
    ["c"]=>
    string(12) "CORRECT"
    ["d"]=>
    string(21) "DEFAULT"
  }
}
up
9
Anonymous
14 years ago
Beware: if none of the arguments is set, this function returns NULL, not an array of NULL values.

/* No POST vars set in request
$_POST = array();
*/

$args = array('some_post_var' => FILTER_VALIDATE_INT);
$myinputs = filter_input_array(INPUT_POST, $args);
var_dump($myinputs);

Expected Output: array(1) { ["some_post_var"]=> NULL }

Actual Output: NULL
up
6
CertaiN
10 years ago
[New Version]

Example Usage:
<?php
$_GET
['A']['a'] = '  CORRECT(including some spaces)    ';
$_GET['A']['b'] = '  CORRECT(including some spaces)    ';
$_GET['A']['c'] = "Invalid UTF-8 sequence: \xe3\xe3\xe3";
$_GET['A']['d']['invalid_structure'] = 'INVALID';

$_GET['B']['a'] = '  CORRECT(including some spaces)    ';
$_GET['B']['b'] = "Invalid UTF-8 sequence: \xe3\xe3\xe3";
$_GET['B']['c']['invalid_structure'] = 'INVALID';
$_GET['B']["Invalid UTF-8 sequence: \xe3\xe3\xe3"] = 'INVALID';

$_GET['C']['a'] = '  CORRECT(including some spaces)    ';
$_GET['C']['b'] = "Invalid UTF-8 sequence: \xe3\xe3\xe3";
$_GET['C']['c']['invalid_structure'] = 'INVALID';
$_GET['C']["Invalid UTF-8 sequence: \xe3\xe3\xe3"] = 'INVALID';

$_GET['unneeded_item'] = 'UNNEEDED';

var_dump(filter_struct_utf8(INPUT_GET, array(
   
'A' => array(
       
'a' => '',
       
'b' => FILTER_STRUCT_TRIM,
       
'c' => '',
       
'd' => '',
    ),
   
'B' => FILTER_STRUCT_FORCE_ARRAY,
   
'C' => FILTER_STRUCT_FORCE_ARRAY | FILTER_STRUCT_TRIM,
)));
?>

Example Result:
array(3) {
  ["A"]=>
  array(4) {
    ["a"]=>
    string(36) "  CORRECT(including some spaces)    "
    ["b"]=>
    string(30) "CORRECT(including some spaces)"
    ["c"]=>
    string(0) ""
    ["d"]=>
    string(0) ""
  }
  ["B"]=>
  array(3) {
    ["a"]=>
    string(36) "  CORRECT(including some spaces)    "
    ["b"]=>
    string(0) ""
    ["c"]=>
    string(0) ""
  }
  ["C"]=>
  array(3) {
    ["a"]=>
    string(30) "CORRECT(including some spaces)"
    ["b"]=>
    string(0) ""
    ["c"]=>
    string(0) ""
  }
}
up
4
Kevin
16 years ago
Looks like filter_input_array isn't aware of changes to the input arrays that were made before calling filter_input_array. Instead, it always looks at the originally submitted input arrays.

So this will not work:

$_POST['my_float_field'] = str_replace(',','.',$_POST['my_float_field']);
$args = array('my_float_field',FILTER_VALIDATE_FLOAT);
$result = filter_input_array(INPUT_POST, $args);
up
2
ville at N0SPAM dot zydo dot com
14 years ago
While filtering input arrays, be careful of what flags you set besides FILTER_REQUIRE_ARRAY. For example, setting the flags like so:

<?php
$filter
= array(
'myInputArr' => array('filter' => FILTER_SANITIZE_STRING,
                     
'flags' => array('FILTER_FLAG_STRIP_LOW', 'FILTER_REQUIRE_ARRAY'))
);

$form_inputs = filter_input_array(INPUT_POST, $filter);
?>

.. will result in a blank $form_inputs['myInputArr'] regardless of what $_POST['myInputArr'] contains.
up
1
kibblewhite at live dot com
15 years ago
If you are trying to handling multiple form inputs with same name, then you must assign the `'flags'  => FILTER_REQUIRE_ARRAY` to the definitions entry.

Example, you have a html form as such:
<form>
<input name="t1[]" value="Some string One" />
<input name="t1[]" value="Another String Two" />
</form>

Your definitions array will look a little like this:
$args = array(
  't1'    => array(
      'name' => 't1',
      'filter' => FILTER_SANITIZE_STRING,
      'flags'  => FILTER_REQUIRE_ARRAY)
);
up
0
cornelyu85 at yahoo dot com
1 year ago
Here's an extended function that allows you to keep also the unfiltered items/args from the request, while you also apply validation to some of them:

<?php

$validationRules
= [
   
'foo' => [
       
'filter' => FILTER_VALIDATE_REGEXP,
       
'options' => ['regexp' => '/^(bar|baz)$/i']
    ]
];

$request = filter_input_array_keep_unfiltered_args(INPUT_POST, $validationRules);

var_dump($request);

function
filter_input_array_keep_unfiltered_args($type, $filters, $addEmpty = true)
{
   
$rawRequest = filter_input_array($type);

   
$validationRules = [];
    foreach (
$rawRequest as $key => $value) {
       
$validationRules[$key] = isset($filters[$key]) ? $filters[$key] : ['filter' => FILTER_DEFAULT];
    }

    return
filter_input_array($type, $validationRules, $addEmpty);
}

?>
To Top