filter-var

I have very limited experience with PHP and I'm really hoping someone can help me. What I want to do is sanitize/validate the phone number input so that only numbers are allowed. I think I need to use FILTER_SANITIZE_NUMBER_INT but I'm not sure where or how to use it. Here is my code: <?php // Replace the email address with the one that should receive the contact form inquiries. define('TO_EMAIL', '########'); $aErrors = array(); $aResults = array(); /* Functions */ function stripslashes_if_required($sContent) { if(get_magic_quotes_gpc()) { return stripslashes($sContent); } else { return

I'm trying to check whether or not an IP address is an internal-only (i.e. private) IP, but I'm getting a curious result: filter_var('173.194.66.94', FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE); // returns 173.194.66.94 filter_var('192.168.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE); // returns false filter_var('127.0.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE); // returns 127.0.0.1? Surely 127.0.0.1 counts as a private IP? I found this bug report from 2010 which reports this as an issue, but it's marked as fixed. Is this a regression, or am I misunderstanding what this

Disclaimer This is not a question about whether we should be escaping for database input. This is strictly looking at the technical differences between the three functions in the title. There is this question discussing the difference between htmlentities() and htmlspecialchars() . But, it doesn't really discuss filter_var() and the information I found on Google was more along the lines of "Make sure you escape user input before it is echo'd!" My questions are: Why are htmlspecialchars() and htmlentities() commonly used over filter_var() ? Is there some performance hit from using filter_var()

The FILTER_VALIDATE_URL filter seems to have some trouble validating non-ASCII URLs: var_dump(filter_var('http://pt.wikipedia.org/wiki/', FILTER_VALIDATE_URL)); // http://pt.wikipedia.org/wiki/ var_dump(filter_var('http://pt.wikipedia.org/wiki/Guimarães', FILTER_VALIDATE_URL)); // false Why isn't the last URL correctly validated? And what are the possible workarounds? Running PHP 5.3.0. I'd also like to know where I can find the source code of the FILTER_VALIDATE_URL validation filter. The parsing starts here: http://svn.php.net/viewvc/php/php-src/trunk/ext/filter/logical_filters.c?view=markup

$str = '"mynam@blabl"@domanin.com'; filter_var($str, FILTER_VALIDATE_EMAIL);//return valid email. the above email returns true... Fair enough that RFC 2822 says it's a legal email address. my question is if you validate an email using the above could an email carry sql injections that can harm the db even though you have filtered it with filter_var? my question is if you validate an email using the above could an email carry sql injections that can harm the db even though you have filtered it with filter_var? filter_var is not a replacement for database specific sanitation like mysql_real