2

I've got a function that takes a filter constant for filter_input as an optional parameter. Is it possible to make sure the value of the string is a valid PHP filter constant, perhaps with a built in PHP function?

I know one way is to make my own array of all filter constants and check against that, but I was hoping for an easier or better way.

2
  • defined(), but what you are looking for is some kind of whitelist. Commented May 10, 2019 at 15:51
  • Please see filter_list() and filter_id() in the PHP manual Commented May 10, 2019 at 18:58

2 Answers

2

You could verify against the list of filters:

$valid = in_array($filter, filter_list(), true);

Where $filter contains the user supplied filter value and $valid the result as a bool (true if valid, false if invalid).

See filter_list() in the PHP manual for more details.


2 Comments

Thanks I think this will work well. filter_list() is good to know about and didn't come up in my Googling.
@track: You're welcome. Next to googling, I often find it worthwhile to browse and read the related section in the PHP manual, e.g. the list of functions of the extension. This is how I discovered this one. There is an additional way, which is using reflection to get all constants from a PHP extension: php.net/manual/en/reflectionextension.getconstants.php - it works for every extension; however, it's not really appropriate in your case compared with filter_list().
1

I was able to achieve this by using the get_defined_constants() PHP built-in function, which lists all predefined PHP constants.

Solution:

The code below will store all the allowed filters into an array and allow you to check any filter's validity via the check_filter() function.

<?php

// Collect the names of all defined constants that start with "FILTER_".
$constants = get_defined_constants();
$allowed_filters = array();
foreach ($constants as $c => $val) {
    if (substr($c, 0, 7) === 'FILTER_') {
        $allowed_filters[$c] = 1;
    }
}

// Returns true if $filter_name is one of the collected constant names.
function check_filter($filter_name, $allowed_filters)
{
    return isset($allowed_filters[$filter_name]);
}

var_dump(check_filter('FILTER_SANITIZE_EMAIL', $allowed_filters)); // true
var_dump(check_filter('FILTER_TEST', $allowed_filters)); // false
var_dump(check_filter('PHP_VERSION', $allowed_filters)); // false, even though constant exists

I hope this helps!

3 Comments

A whitelist perhaps is still more precise; just looking for the FILTER_ prefix will allow flags as well, see 3v4l.org/r7gSm
Yes I did this at first but there's a lot of filters available and new ones added into almost every new major version of PHP.
Not only that, there is also a relation between filters and their flags, options and further parameters. This does not map 1:1 very well. Anyway, for the answer you give, you pass the name of the constant; however, I did read the question of the OP as checking against a constant's value (not its name). Also, for the answer you give, see as well stackoverflow.com/a/12482518/367456
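
Following the pointer in the comments to filter_list() and filter_id(), here is an added example (not code from the question or either answer) that checks a filter constant's value rather than its name, so flag constants are not accepted. The names resolve_filter_id() and get_input() are hypothetical, and the sample calls at the end are constructed.

```php
<?php

/**
 * Resolve a caller-supplied filter to a registered filter ID, or return null.
 * Accepts an int ID (the value of a FILTER_* constant) or a filter name as
 * reported by filter_list(), e.g. "validate_email". (Hypothetical helper.)
 */
function resolve_filter_id($filter): ?int
{
    // Build the allow-list once: name => ID for every filter the extension registers.
    static $ids = null;
    if ($ids === null) {
        $ids = array();
        foreach (filter_list() as $name) {
            $ids[$name] = filter_id($name);
        }
    }

    if (is_int($filter)) {
        // Strict comparison, so numeric strings and floats are not silently accepted.
        return in_array($filter, $ids, true) ? $filter : null;
    }
    if (is_string($filter) && isset($ids[$filter])) {
        return $ids[$filter];
    }
    return null;
}

// Hypothetical wrapper with an optional filter parameter, as described in the question.
function get_input(string $key, $filter = FILTER_DEFAULT)
{
    $id = resolve_filter_id($filter);
    if ($id === null) {
        // Fail closed instead of handing an unchecked value to filter_input().
        throw new InvalidArgumentException('Unknown filter: ' . var_export($filter, true));
    }
    return filter_input(INPUT_GET, $key, $id);
}

// Constructed sample calls.
var_dump(resolve_filter_id(FILTER_VALIDATE_EMAIL)); // value of a filter constant
var_dump(resolve_filter_id('validate_email'));      // the same filter, given by name
var_dump(resolve_filter_id(FILTER_FLAG_ALLOW_HEX)); // a flag constant, not a filter
var_dump(resolve_filter_id('FILTER_TEST'));         // not a registered filter name
```

Because the allow-list is built from filter_list() at run time, it follows whatever filters the installed PHP version registers.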
