We can sanitize a string by using FILTER_SANITIZE_STRING, which strips HTML tags and encodes quotes so they can no longer be used as markup. The id of this filter is 513.
For comparison, the demo above displays the original string and the string after applying FILTER_SANITIZE_STRING. You can see how the string is cleaned: the HTML tags are removed and the quotes are also handled. The original string above is the kind of input a visitor could submit to inject malicious code into your system; we can sanitize such strings before using them.
FILTER_FLAG_NO_ENCODE_QUOTES
If we don't want the quotes to be encoded, we can add the flag FILTER_FLAG_NO_ENCODE_QUOTES like this:
Output is here (you will also get one alert window, from the unsanitized original string):
Welcome
Welcome alert("Hi plus2net")
In addition to the above, we can also add a few more flags:
FILTER_FLAG_STRIP_LOW   Removes characters with an ASCII value less than 32, including tab and line breaks
FILTER_FLAG_STRIP_HIGH  Removes characters with an ASCII value greater than 127
FILTER_FLAG_ENCODE_LOW  Encodes characters with an ASCII value less than 32 as HTML numeric entities
FILTER_FLAG_ENCODE_HIGH Encodes characters with an ASCII value greater than 127 as HTML numeric entities
FILTER_FLAG_ENCODE_AMP  Encodes the & character as &amp;
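The following is an added example, not the page's own demo code: it runs one constructed input string through FILTER_SANITIZE_STRING with the flag combinations listed above, and alongside it shows htmlspecialchars(), the output-context escaping that replaces FILTER_SANITIZE_STRING now that it is deprecated (PHP 8.1). The sample input and the helper function names are assumptions.

```php
<?php
// Added example (not from the original page). Compares FILTER_SANITIZE_STRING
// under different flags with context-specific output escaping.

// Constructed sample input, modelled on the page's demo string: a script tag,
// both quote styles, an ampersand, a tab and a control character (0x01).
$input = "Welcome <script>alert(\"Hi plus2net\")</script> & 'bye'\t\x01";

function sanitize_string(string $s, int $flags = 0): string
{
    // FILTER_SANITIZE_STRING (id 513) strips tags and, unless
    // FILTER_FLAG_NO_ENCODE_QUOTES is set, encodes ' and " as &#39; and &#34;.
    // It is deprecated since PHP 8.1; @ silences the deprecation notice so
    // the comparison still runs on current versions.
    return (string) @filter_var($s, FILTER_SANITIZE_STRING, $flags);
}

function escape_for_html(string $s): string
{
    // Escaping at output time, for an HTML body/attribute context: keeps the
    // stored data intact and neutralises <, >, &, " and ' where it is rendered.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Flag combinations from the list above.
$cases = [
    'default'                    => 0,
    'NO_ENCODE_QUOTES'           => FILTER_FLAG_NO_ENCODE_QUOTES,
    'STRIP_LOW'                  => FILTER_FLAG_STRIP_LOW,
    'NO_ENCODE_QUOTES|STRIP_LOW' => FILTER_FLAG_NO_ENCODE_QUOTES | FILTER_FLAG_STRIP_LOW,
    'ENCODE_LOW|ENCODE_AMP'      => FILTER_FLAG_ENCODE_LOW | FILTER_FLAG_ENCODE_AMP,
];

// json_encode makes the tab and the 0x01 byte visible as \t and \u0001.
$show = fn(string $s): string => json_encode($s, JSON_UNESCAPED_SLASHES);

echo str_pad('original', 28) . ': ' . $show($input) . PHP_EOL;
foreach ($cases as $label => $flags) {
    echo str_pad($label, 28) . ': ' . $show(sanitize_string($input, $flags)) . PHP_EOL;
}
echo str_pad('htmlspecialchars (output)', 28) . ': ' . $show(escape_for_html($input)) . PHP_EOL;
```

Run it from the command line to compare the variants: sanitizing on input permanently alters the stored value (the script text survives, only the tags are gone), whereas escaping at output preserves the data and matches the context it is rendered into.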