FILTER_SANITIZE_STRING

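// Input containing a script tag and double quotes
$str="Welcome <script> alert(\"Hi plus2net\")</script>";
// Strip the tags and encode the quotes
$str1 = filter_var($str,FILTER_SANITIZE_STRING);
echo $str;   // original string, unchanged
echo "<br>";
echo $str1;  // sanitized string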
Output
Welcome <script> alert("Hi plus2net")</script>
<br>Welcome  alert(&#34;Hi plus2net&#34;)
We can sanitize a string with FILTER_SANITIZE_STRING, which strips tags and encodes quotes (as &#34; in the output above) to make the string safe for use. The ID of this filter is 513.

For comparison, the demo above displays the original string and the string after applying FILTER_SANITIZE_STRING. You can see how the string is cleaned: the HTML tags are removed and the quotes are encoded. The example above is the kind of input a visitor can use to post malicious code to your system. We can sanitize such strings before using them.

FILTER_FLAG_NO_ENCODE_QUOTES

If we don't want the quotes to be encoded, we can add the flag FILTER_FLAG_NO_ENCODE_QUOTES like this:
$str="Welcome <script> alert(\"Hi plus2net\")</script>"; 
$str1 = filter_var($str,FILTER_SANITIZE_STRING,FILTER_FLAG_NO_ENCODE_QUOTES);
echo $str;
echo "<br>";
echo $str1;
Output (you will also get one alert window, because the unsanitized $str is echoed as well)
Welcome 
Welcome alert("Hi plus2net")
In addition to the above, we can also add a few more flags:
FILTER_FLAG_STRIP_LOW  Removes characters with ASCII value less than 32, including tab and line breaks
FILTER_FLAG_STRIP_HIGH  Removes characters with ASCII value greater than 127
FILTER_FLAG_ENCODE_LOW  Encodes characters with ASCII value less than 32
FILTER_FLAG_ENCODE_HIGH  Encodes characters with ASCII value greater than 127
FILTER_FLAG_ENCODE_AMP  Encodes & as &amp;
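
FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, and stripping tags changes the data itself instead of making it safe for a particular output context. The following is an added example, not code from the original page: it compares the filter (with FILTER_FLAG_NO_ENCODE_QUOTES, as above) against encoding at output time with htmlspecialchars(). The helper names e() and legacy_sanitize() and the second and third sample strings are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not from the original page. Run with the PHP CLI.
// Hide the PHP 8.1+ deprecation notice for this side-by-side comparison only.
error_reporting(E_ALL & ~E_DEPRECATED);

/** Hypothetical helper: encode text for an HTML body or a quoted attribute. */
function e(string $text): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // with U+FFFD instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Legacy behaviour from this page: strip tags, leave quotes unencoded. */
function legacy_sanitize(string $text): string
{
    if (!defined('FILTER_SANITIZE_STRING')) {
        return '(FILTER_SANITIZE_STRING is not available in this PHP build)';
    }
    $out = filter_var($text, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
    return $out === false ? '(filter failed)' : $out;
}

// Constructed inputs; the first is the string used on this page.
$samples = [
    'Welcome <script> alert("Hi plus2net")</script>',
    'Use a<b when comparing',     // ordinary text that happens to contain <
    'Size 5" or 6" screen',       // quotes that end up inside value="..."
];

foreach ($samples as $raw) {
    $legacy  = legacy_sanitize($raw);
    $encoded = e($raw);
    echo "raw:     $raw\n";
    // The filter edits the data itself, so text can be lost or altered.
    echo "legacy:  $legacy\n";
    // Encoding keeps every character and only changes how it is written.
    echo "encoded: $encoded\n";
    // Round trip shows that encoding lost no data.
    $back = htmlspecialchars_decode($encoded, ENT_QUOTES);
    echo 'lossless: ' . ($back === $raw ? 'yes' : 'no') . "\n";
    // Attribute context: unencoded quotes from the legacy path end the value early.
    echo '<input value="' . $legacy . '">   <- legacy' . "\n";
    echo '<input value="' . $encoded . '">   <- encoded' . "\n\n";
}
```

Store the raw value and call the encoding helper at each point where it is written into HTML, so the stored data stays intact.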