Is the third parameter of filter_input required in PHP?

Viewed 202 times

0

$nome = filter_input(INPUT_GET, 'nome', FILTER_SANITIZE_SPECIAL_CHARS);

I took a look at the PHP manual but it says nothing. I saw a guy not using the third parameter and then I wondered whether it is mandatory or not.

2 answers

2

The documentation of the function filter_input says the following about the third parameter:

"If omitted, FILTER_DEFAULT will be used, which is equivalent to FILTER_UNSAFE_RAW. This will result in no Filtering taking place by default."

That is, the third parameter is not mandatory and may be omitted, although it does not filter the actual value.

2

It’s not; see how this appears in the documentation: http://php.net/manual/en/function.filter-input.php

mixed filter_input ( int $type , string $variable_name [, int $filter = FILTER_DEFAULT [, mixed $options ]] )

Those [...] indicate optional arguments. In PHP there are predefined arguments: when you omit them in your call, PHP passes the default value, which in the specific case of this function would be FILTER_DEFAULT. The code you posted shows that the person changed FILTER_DEFAULT to FILTER_SANITIZE_SPECIAL_CHARS; that is, each of them serves one purpose, just see the supported values at http://php.net/manual/en/filter.filters.php

As it says in the docs:

If omitted, FILTER_DEFAULT will be used, which is equivalent to FILTER_UNSAFE_RAW. This will result in no Filtering taking place by default.


For the record, FILTER_SANITIZE_SPECIAL_CHARS is part of the sanitize filters (http://php.net/manual/en/filter.filters.sanitize.php). This filter escapes/converts characters such as <, >, &, among others whose ASCII value is less than 32, that is, something like:

<?php
// Sample string with HTML special characters and control characters
$str = "< > & \0 \n \r";

// Convert them to HTML entities
$x = filter_var($str, FILTER_SANITIZE_SPECIAL_CHARS);

var_dump($x);

Will print this:

string(34) "&#60; &#62; &#38; &#0; &#10; &#13;"

These are HTML entities, which when rendered on the page actually display < > & \0 \n \r, but without affecting the HTML.
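
The behaviour both answers describe, as an added example that is not part of either answer: the same values passed through the default filter and through FILTER_SANITIZE_SPECIAL_CHARS. It uses filter_var() on constructed sample strings so it runs from the command line; the helper name compare_filters and the sample values are assumptions made for illustration.

```php
<?php
// Added example (not from the answers above). Sample values are constructed.
// filter_var() takes the same filter argument as filter_input(), so it shows
// the same default-versus-explicit behaviour without needing a real GET request.

function compare_filters(string $raw): array
{
    return [
        // Filter omitted: FILTER_DEFAULT (FILTER_UNSAFE_RAW), value is unchanged.
        'default'       => filter_var($raw),
        // Explicit filter: <, >, &, quotes and characters below ASCII 32
        // are converted to HTML entities.
        'special_chars' => filter_var($raw, FILTER_SANITIZE_SPECIAL_CHARS),
    ];
}

// Constructed inputs: plain text, markup, and a control character.
$samples = [
    'plain'   => 'Maria',
    'markup'  => '<b>Maria</b> & co',
    'control' => "line1\nline2",
];

foreach ($samples as $label => $raw) {
    $out = compare_filters($raw);
    printf("%-8s default unchanged: %s\n", $label, var_export($out['default'] === $raw, true));
    printf("%-8s special_chars:     %s\n", $label, $out['special_chars']);
}

// On the CLI there is no query string, so 'nome' is not set and
// filter_input() returns null whichever filter is passed.
var_dump(filter_input(INPUT_GET, 'nome'));
var_dump(filter_input(INPUT_GET, 'nome', FILTER_SANITIZE_SPECIAL_CHARS));
```

With the filter omitted, markup in the value comes back exactly as it was sent, so any escaping has to happen elsewhere before the value is written into a page.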
