NOTE: dont wrap PHP function in closure as writed in "top" comment
<?php
$str = filter_input(INPUT_GET, 'str', FILTER_CALLBACK, ['options' => 'trim']);
?>
| ID | Name | Options | Flags | Description |
|---|---|---|---|---|
FILTER_CALLBACK |
"callback" | callable function or method | All flags are ignored | Call user-defined function to filter data. |
NOTE: dont wrap PHP function in closure as writed in "top" comment
<?php
$str = filter_input(INPUT_GET, 'str', FILTER_CALLBACK, ['options' => 'trim']);
?>
Some useful custom filters:
<?php
function sanitizeOptions($array,$default) {
return function($value = null) use ($array,$default) {
if (in_array($value, $array)) return $value;
return $default;
};
}
function sanitizeKey($value) {
return strtolower(preg_replace('/[^a-zA-Z0-9-_\.]/','', $value));
}
/*usage */
filter_var($format, FILTER_CALLBACK, array(
"options" => sanitizeOptions(['html','json','blob'],'json')
));
filter_var($format,FILTER_CALLBACK, array(
"options" => 'sanitizeKey'
));
?>
Here's how to create callable functions with parameters. These are functions that return closures. When you call them, you supply the known parameters, and it returns a function that will accept the value from filter_input() or filter_input_array().
<?php
function filter_sanitize_int_range_generator($low, $high) {
return function($value = null) use ($low, $high) {
$v = intval($value);
if ($v < $low) return false;
if ($v > $high) return false;
return $v;
};
}
function filter_sanitize_string_in_array_generator($array) {
return function($value = null) use ($array) {
if (!is_string($value)) return false;
if (in_array($value, $array)) return $value;
return false;
};
}
echo "TESTING RANGE\n";
$fun = filter_sanitize_int_range_generator(1,10);
var_dump($fun(5)); // 5
var_dump((filter_sanitize_int_range_generator(1,10))(0)); // false
var_dump((filter_sanitize_int_range_generator(1,10))(1)); // 1
var_dump((filter_sanitize_int_range_generator(1,10))(10)); // 10
var_dump((filter_sanitize_int_range_generator(1,10))(11)); // false
var_dump($fun()); // false
echo "TESTING IN ARRAY\n";
$fun = filter_sanitize_string_in_array_generator(['cat','dog','bird']);
var_dump($fun('cat')); // cat
var_dump($fun('dog')); // dog
var_dump($fun('bird')); // bird
var_dump($fun('fish')); // false
var_dump($fun()); // false
// use it like this
filter_input(INPUT_GET, 'month', FILTER_CALLBACK, array( "callable" => filter_sanitize_int_range_generator(1,12) ) );
Are you also struggling with how to send arguments into the FILTER_CALLBACK.
Lets say you like to have a collection of custom filters that you can use in filter_var, filter_var_array and so on, but you want be able to call the new filters with different arguments, as you can in filter_var.
The easiest way to do this is to make a new class with all your custom filters. Then construct the class with your arguments inside filter_var argument array and enter the method in your class you like to run after.
If you send the argument as an array it is easy to make default values. But you can pass as many arguments you want and in any type, with this solution.
Example:
<?php
/**
* Class CustomFilters
* Custom filters for filter_var, filter_var_array, filter_input, filter_input_array
*/
class CustomFilters {
private $options = array();
public function __construct(array $options=array()){
$this->options = $options;
}
/**
* Returns the default options merged with the construction options
* @param array $defaults
* @return array
*/
private function get_options(array $defaults){
return array_merge($defaults, $this->options);
}
/**
* Checks if a value is in a range
* @param mixed $val Value provided by filter_var
* @return mixed
*/
public function FILTER_STEP_RANGE($val){
$options = $this->get_options(
// default options
array(
"min_range" => 1,
"max_range" => 10,
"step" => 1,
"default" => null, // Value to return on fail
"strict" => false, // Check value for correct type
"cast" => false // Cast the value in a certain type
)
);
if(in_array( $val, range($options["min_range"], $options["max_range"], $options["step"]), $options["strict"])){
// Return default if the value cant be cast as the right type
if( $options["cast"] && !settype($val, $options["cast"])) {
return $options["default"];
}
return $val;
}else{
return $options["default"];
}
}
/**
* Checks if a value is in array
* @param mixed $val Value provided by filter_var
* @return mixed
*/
public function FILTER_ENUM($val){
$options = $this->get_options(
// default options
array(
"values" => array(),
"strict" => false, // Value to return on fail
"default" => null, // Check value for correct type
"cast" => false // Cast the value in a certain type
)
);
if(in_array($val, $options["values"], $options["strict"])){
// Return default if the value cant be cast as the right type
if( $options["cast"] && !settype($val, $options["cast"])){
return $options["default"];
}
return $val;
}else{
return $options["default"];
}
}
}
$data = array(
"range1" => "200",
"range2" => 25,
"enum" => "yes"
);
$args = array(
"range1" => array(
"filter" => FILTER_CALLBACK,
"options" => array(
new CustomFilters(array( "min_range" => 10, "max_range" => 600, "step" => 10, "default" => 120,
"cast" => "integer")),
'FILTER_STEP_RANGE'
)
),
"range2" => array(
"filter" => FILTER_CALLBACK,
"options" => array(
new CustomFilters(array( "min_range" => 0, "max_range" => 1, "step" => .1, "default" => .5,
"cast" => "float")),
'FILTER_STEP_RANGE'
)
),
"enum" => array(
"filter" => FILTER_CALLBACK,
"options" => array(
new CustomFilters(array( "values" => array("yes", "no", "Yes","No"), "cast" => "string")),
'FILTER_ENUM'
)
)
);
var_dump( filter_var_array($data, $args) );
?>
Returns:
array(3) {
["range1"] => int(200)
["range2"] => float(0.5)
["enum"] => string(3) "yes"
}
The supplied callback function may also be a class method. (since 5.4.0 ?)
To use a method you need to set the options param to an array with two values: the first is the object and the second is the method name.
<?php
/**
* @property-read $language
*/
class GetInputStore {
private $allowed_languages = array('en', 'fr', 'de', 'nl' /*, ... */);
private $language;
public function __construct(){
$this->language = filter_input(INPUT_GET, 'language', FILTER_CALLBACK, array('options' => array($this, 'get_language_code')));
}
public function __get($name){
switch($name){
case 'language' : return $this->language;
default : throw new Exception("The GetInputStore class doesn't support GET param \"$name\"");
}
}
private function get_language_code($code){
if(in_array($code, $this->allowed_languages)){
return $code;
} else {
return 'en';
}
}
}
?>
Here is an example, since I cannot find one through out php.net"
<?php
/**
* Strip whitespace (or other non-printable characters) from the beginning and end of a string
* @param string $value
*/
function trimString($value)
{
return trim($value);
}
$loginname = filter_input(INPUT_POST, 'loginname', FILTER_CALLBACK, array('options' => 'trimString'));