CakeFest 2017 NYC, the Official CakePHP Conference

Runtime Configuration

The behaviour of these functions is affected by settings in php.ini.

Filter Configuration Options
Name Default Changeable Changelog
filter.default "unsafe_raw" PHP_INI_PERDIR PHP_INI_ALL in filter <= 0.9.4. Available since PHP 5.2.0.
filter.default_flags NULL PHP_INI_PERDIR PHP_INI_ALL in filter <= 0.9.4. Available since PHP 5.2.0.
For further details and definitions of the PHP_INI_* modes, see the Where a configuration setting may be set.

Here's a short explanation of the configuration directives.

filter.default string

Filter all $_GET, $_POST, $_COOKIE, $_REQUEST and $_SERVER data by this filter. Original data can be accessed through filter_input().

Accepts the name of the filter you like to use by default. See the existing filter list for the list of the filter names.


Be careful about the default flags for the default filters. You should explicitly set them to the value you want. For example, to configure the default filter to behave exactly like htmlspecialchars() you need to set them default flags to 0 as shown below.

Example #1 Configuring the default filter to act like htmlspecialchars

filter.default = full_special_chars
filter.default_flags = 0

filter.default_flags integer

Default flags to apply when the default filter is set. This is set to FILTER_FLAG_NO_ENCODE_QUOTES by default for backwards compatibility reasons. See the flag list for the list of all the flag names.

add a note add a note

User Contributed Notes 1 note

warbaby67 at gmail dot com
6 years ago
filter.default sets the default FILTER by name.
filter.default_flags sets default FLAGS for the default filter.

The values for filter.default should be a string "name" of a valid FILTER: 

"boolean"  FILTER_VALIDATE_BOOLEAN        

The irony of the entire list I typed being blocked by the SPAM filter is not lost on me.  Perhaps I'm not the first.
To Top