Runtime Configuration

The behaviour of these functions is affected by settings in php.ini.

Filter Configuration Options
Name Default Changeable Changelog
filter.default "unsafe_raw" INI_PERDIR Deprecated as of PHP 8.1.0.
filter.default_flags NULL INI_PERDIR  
For further details and definitions of the INI_* modes, see the Where a configuration setting may be set.

Here's a short explanation of the configuration directives.

filter.default string

Filter all $_GET, $_POST, $_COOKIE, $_REQUEST and $_SERVER data by this filter. Original data can be accessed through filter_input().

Accepts the name of the filter you like to use by default. See the existing filter list for the list of the filter names.


Be careful about the default flags for the default filters. You should explicitly set them to the value you want. For example, to configure the default filter to behave exactly like htmlspecialchars() you need to set them default flags to 0 as shown below.

Example #1 Configuring the default filter to act like htmlspecialchars

filter.default = full_special_chars
filter.default_flags = 0

filter.default_flags int

Default flags to apply when the default filter is set. This is set to FILTER_FLAG_NO_ENCODE_QUOTES by default for backwards compatibility reasons. See the flag list for the list of all the flag names.

add a note

User Contributed Notes 1 note

warbaby67 at gmail dot com
13 years ago
filter.default sets the default FILTER by name.
filter.default_flags sets default FLAGS for the default filter.

The values for filter.default should be a string "name" of a valid FILTER:


The irony of the entire list I typed being blocked by the SPAM filter is not lost on me. Perhaps I'm not the first.
To Top