PHP 8.4.1 Released!

filter_input_array

(PHP 5 >= 5.2.0, PHP 7, PHP 8)

filter_input_arrayObtiene variables externas y opcionalmente las filtra

Descripción

filter_input_array(int $type, mixed $definition = ?, bool $add_empty = true): mixed

Esta función es útil para recuperar muchos valores sin necesidad de hacer repetidas llamadas a filter_input().

Parámetros

type

Una de las siguientes: INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_SERVER o INPUT_ENV.

definition

Un array definiendo los argumentos. Una clave válida será aquella que contiene un string con el nombre de una variable y un valor válido aquel que o bien es un tipo filter type o un array especificando opcionalmente el filtro, flags y opciones. Si el valor es un array, las claves válidas serán: filter que especifica el tipo filter type, flags que define cualquier flag que deba aplicarse a los filtros, y options que establece cualquier opción que se deba aplicar al filtro. Para entender mejor su funcionamiento, vea el ejemplo inferior.

Este parámetro puede ser también un entero que indique una constante de filtro. Entonces todos los valores en el array de entrada son filtrados por ese filtro.

add_empty

Añade claves faltantes como null al valor devuelto.

Valores devueltos

En caso de éxito, un array con los valores de las variables que se han pedido o false en caso de fallo. Un valor del array puede ser false si el filtro falla o null si la variable no está creada. O, si se usa el flag FILTER_NULL_ON_FAILURE y la variable no está definida retorna false y null si el filtro falla.

Ejemplos

Ejemplo #1 Un ejemplo con filter_input_array()

<?php
error_reporting
(E_ALL | E_STRICT);
/* Los datos vienen realmente por POST
$_POST = array(
'id_producto' => 'libgd<script>',
'componente' => '10',
'version' => '2.0.33',
'test_escalar' => array('2', '23', '10', '12'),
'test_array' => '2',
);
*/

$args = array(
'id_producto' => FILTER_SANITIZE_ENCODED,
'componente' => array('filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_ARRAY,
'options' => array('min_range' => 1, 'max_range' => 10)
),
'version' => FILTER_SANITIZE_ENCODED,
'no_existe' => FILTER_VALIDATE_INT,
'test_escalar' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_SCALAR,
),
'test_array' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_ARRAY,
)

);

$mis_entradas = filter_input_array(INPUT_POST, $args);

var_dump($mis_entradas);
echo
"\n";
?>

El resultado del ejemplo sería:

array(6) {
  ["id_producto"]=>
  array(1) {
    [0]=>
    string(17) "libgd%3Cscript%3E"
  }
  ["componente"]=>
  array(1) {
    [0]=>
    int(10)
  }
  ["version"]=>
  array(1) {
    [0]=>
    string(6) "2.0.33"
  }
  ["no_existe"]=>
  NULL
  ["test_escalar"]=>
  bool(false)
  ["test_array"]=>
  array(1) {
    [0]=>
    int(2)
  }
}

Historial de cambios

Versión Descripción
5.4.0 Se añadió el parámetro add_empty.

Notas

Nota:

No existe la clave REQUEST_TIME en la matriz INPUT_SERVER porque este valor se inserta posteriormente en $_SERVER.

Ver también

add a note

User Contributed Notes 9 notes

up
19
sdupuis at blax dot ca
10 years ago
Note that although you can provide a default filter for the entire input array there is no way to provide a flag for that filter without building the entire definition array yourself.

So here is a small function that can alleviate this hassle!

<?php
function filter_input_array_with_default_flags($type, $filter, $flags, $add_empty = true) {
$loopThrough = array();
switch (
$type) {
case
INPUT_GET : $loopThrough = $_GET; break;
case
INPUT_POST : $loopThrough = $_POST; break;
case
INPUT_COOKIE : $loopThrough = $_COOKIE; break;
case
INPUT_SERVER : $loopThrough = $_SERVER; break;
case
INPUT_ENV : $loopThrough = $_ENV; break;
}

$args = array();
foreach (
$loopThrough as $key=>$value) {
$args[$key] = array('filter'=>$filter, 'flags'=>$flags);
}

return
filter_input_array($type, $args, $add_empty);
}
?>
up
17
CertaiN
10 years ago
[New Version]
This function is very useful for filtering complicated array structure.
Also, Some integer bitmasks and invalid UTF-8 sequence detection are available.

Code:
<?php
/**
* @param integer $type Constant like INPUT_XXX.
* @param array $default Default structure of the specified super global var.
* Following bitmasks are available:
* + FILTER_STRUCT_FORCE_ARRAY - Force 1 dimensional array.
* + FILTER_STRUCT_TRIM - Trim by ASCII control chars.
* + FILTER_STRUCT_FULL_TRIM - Trim by ASCII control chars,
* full-width and no-break space.
* @return array The value of the filtered super global var.
*/
define('FILTER_STRUCT_FORCE_ARRAY', 1);
define('FILTER_STRUCT_TRIM', 2);
define('FILTER_STRUCT_FULL_TRIM', 4);
function
filter_struct_utf8($type, array $default) {
static
$func = __FUNCTION__;
static
$trim = "[\\x0-\x20\x7f]";
static
$ftrim = "[\\x0-\x20\x7f\xc2\xa0\xe3\x80\x80]";
static
$recursive_static = false;
if (!
$recursive = $recursive_static) {
$types = array(
INPUT_GET => $_GET,
INPUT_POST => $_POST,
INPUT_COOKIE => $_COOKIE,
INPUT_REQUEST => $_REQUEST,
);
if (!isset(
$types[(int)$type])) {
throw new
LogicException('unknown super global var type');
}
$var = $types[(int)$type];
$recursive_static = true;
} else {
$var = $type;
}
$ret = array();
foreach (
$default as $key => $value) {
if (
$is_int = is_int($value)) {
if (!(
$value | (
FILTER_STRUCT_FORCE_ARRAY |
FILTER_STRUCT_FULL_TRIM |
FILTER_STRUCT_TRIM
))) {
$recursive_static = false;
throw new
LogicException('unknown bitmask');
}
if (
$value & FILTER_STRUCT_FORCE_ARRAY) {
$tmp = array();
if (isset(
$var[$key])) {
foreach ((array)
$var[$key] as $k => $v) {
if (!
preg_match('//u', $k)){
continue;
}
$value &= FILTER_STRUCT_FULL_TRIM | FILTER_STRUCT_TRIM;
$tmp += array($k => $value ? $value : '');
}
}
$value = $tmp;
}
}
if (
$isset = isset($var[$key]) and is_array($value)) {
$ret[$key] = $func($var[$key], $value);
} elseif (!
$isset || is_array($var[$key])) {
$ret[$key] = null;
} elseif (
$is_int && $value & FILTER_STRUCT_FULL_TRIM) {
$ret[$key] = preg_replace("/\A{$ftrim}++|{$ftrim}++\z/u", '', $var[$key]);
} elseif (
$is_int && $value & FILTER_STRUCT_TRIM) {
$ret[$key] = preg_replace("/\A{$trim}++|{$trim}++\z/u", '', $var[$key]);
} else {
$ret[$key] = preg_replace('//u', '', $var[$key]);
}
if (
$ret[$key] === null) {
$ret[$key] = $is_int ? '' : $value;
}
}
if (!
$recursive) {
$recursive_static = false;
}
return
$ret;
}
?>
up
8
CertaiN
11 years ago
This function is very useful for filtering complicated array structure.

Code:
<?php
function filter_request($var, $default_structure) {

$ret = array();

foreach (
$default_structure as $key => $value) {
if (!isset(
$var[$key])) {
$ret[$key] = $value;
} elseif (
is_array($value)) {
$ret[$key] = filter_request($var[$key], $value);
} elseif (
is_array($var[$key])) {
$ret[$key] = $value;
} else {
$ret[$key] = $var[$key];
}
}

return
$ret;

}
?>

Sample Usage:
<?php
$_GET
['a']['wrong_structure'] = 'foo';
$_GET['b']['c'] = 'CORRECT';
$_GET['b']['d']['wrong_structure'] = 'bar';
$_GET['unneeded_item'] = 'baz';

var_dump(filter_request($_GET, array(
'a' => 'DEFAULT',
'b' => array(
'c' => 'DEFAULT',
'd' => 'DEFAULT',
),
)));
?>

Sample Result:
array(2) {
["a"]=>
string(21) "DEFAULT"
["b"]=>
array(2) {
["c"]=>
string(12) "CORRECT"
["d"]=>
string(21) "DEFAULT"
}
}
up
9
Anonymous
14 years ago
Beware: if none of the arguments is set, this function returns NULL, not an array of NULL values.

/* No POST vars set in request
$_POST = array();
*/

$args = array('some_post_var' => FILTER_VALIDATE_INT);
$myinputs = filter_input_array(INPUT_POST, $args);
var_dump($myinputs);

Expected Output: array(1) { ["some_post_var"]=> NULL }

Actual Output: NULL
up
6
CertaiN
10 years ago
[New Version]

Example Usage:
<?php
$_GET
['A']['a'] = ' CORRECT(including some spaces) ';
$_GET['A']['b'] = ' CORRECT(including some spaces) ';
$_GET['A']['c'] = "Invalid UTF-8 sequence: \xe3\xe3\xe3";
$_GET['A']['d']['invalid_structure'] = 'INVALID';

$_GET['B']['a'] = ' CORRECT(including some spaces) ';
$_GET['B']['b'] = "Invalid UTF-8 sequence: \xe3\xe3\xe3";
$_GET['B']['c']['invalid_structure'] = 'INVALID';
$_GET['B']["Invalid UTF-8 sequence: \xe3\xe3\xe3"] = 'INVALID';

$_GET['C']['a'] = ' CORRECT(including some spaces) ';
$_GET['C']['b'] = "Invalid UTF-8 sequence: \xe3\xe3\xe3";
$_GET['C']['c']['invalid_structure'] = 'INVALID';
$_GET['C']["Invalid UTF-8 sequence: \xe3\xe3\xe3"] = 'INVALID';

$_GET['unneeded_item'] = 'UNNEEDED';

var_dump(filter_struct_utf8(INPUT_GET, array(
'A' => array(
'a' => '',
'b' => FILTER_STRUCT_TRIM,
'c' => '',
'd' => '',
),
'B' => FILTER_STRUCT_FORCE_ARRAY,
'C' => FILTER_STRUCT_FORCE_ARRAY | FILTER_STRUCT_TRIM,
)));
?>

Example Result:
array(3) {
["A"]=>
array(4) {
["a"]=>
string(36) " CORRECT(including some spaces) "
["b"]=>
string(30) "CORRECT(including some spaces)"
["c"]=>
string(0) ""
["d"]=>
string(0) ""
}
["B"]=>
array(3) {
["a"]=>
string(36) " CORRECT(including some spaces) "
["b"]=>
string(0) ""
["c"]=>
string(0) ""
}
["C"]=>
array(3) {
["a"]=>
string(30) "CORRECT(including some spaces)"
["b"]=>
string(0) ""
["c"]=>
string(0) ""
}
}
up
5
Kevin
16 years ago
Looks like filter_input_array isn't aware of changes to the input arrays that were made before calling filter_input_array. Instead, it always looks at the originally submitted input arrays.

So this will not work:

$_POST['my_float_field'] = str_replace(',','.',$_POST['my_float_field']);
$args = array('my_float_field',FILTER_VALIDATE_FLOAT);
$result = filter_input_array(INPUT_POST, $args);
up
2
ville at N0SPAM dot zydo dot com
14 years ago
While filtering input arrays, be careful of what flags you set besides FILTER_REQUIRE_ARRAY. For example, setting the flags like so:

<?php
$filter
= array(
'myInputArr' => array('filter' => FILTER_SANITIZE_STRING,
'flags' => array('FILTER_FLAG_STRIP_LOW', 'FILTER_REQUIRE_ARRAY'))
);

$form_inputs = filter_input_array(INPUT_POST, $filter);
?>

.. will result in a blank $form_inputs['myInputArr'] regardless of what $_POST['myInputArr'] contains.
up
1
kibblewhite at live dot com
15 years ago
If you are trying to handling multiple form inputs with same name, then you must assign the `'flags' => FILTER_REQUIRE_ARRAY` to the definitions entry.

Example, you have a html form as such:
<form>
<input name="t1[]" value="Some string One" />
<input name="t1[]" value="Another String Two" />
</form>

Your definitions array will look a little like this:
$args = array(
't1' => array(
'name' => 't1',
'filter' => FILTER_SANITIZE_STRING,
'flags' => FILTER_REQUIRE_ARRAY)
);
up
0
cornelyu85 at yahoo dot com
1 year ago
Here's an extended function that allows you to keep also the unfiltered items/args from the request, while you also apply validation to some of them:

<?php

$validationRules
= [
'foo' => [
'filter' => FILTER_VALIDATE_REGEXP,
'options' => ['regexp' => '/^(bar|baz)$/i']
]
];

$request = filter_input_array_keep_unfiltered_args(INPUT_POST, $validationRules);

var_dump($request);

function
filter_input_array_keep_unfiltered_args($type, $filters, $addEmpty = true)
{
$rawRequest = filter_input_array($type);

$validationRules = [];
foreach (
$rawRequest as $key => $value) {
$validationRules[$key] = isset($filters[$key]) ? $filters[$key] : ['filter' => FILTER_DEFAULT];
}

return
filter_input_array($type, $validationRules, $addEmpty);
}

?>
To Top