FILTER_SANITIZE_STRING

We can sanitize a string with FILTER_SANITIZE_STRING, which strips HTML and PHP tags and HTML-encodes single and double quotes (as &#39; and &#34;) so that the string can no longer close a tag or an attribute. The numeric id of this filter is 513. Note that FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.0: the code below still runs on 8.1 and later but emits a deprecation notice, and the PHP manual recommends htmlspecialchars() in its place.
$str="Welcome <script> alert(\"Hi plus2net\")</script>"; // untrusted input, e.g. from a form
$str1 = filter_var($str,FILTER_SANITIZE_STRING);          // tags stripped, quotes HTML-encoded
echo $str;   // echoed unescaped: the browser executes the <script> and shows an alert
echo "<br>";
echo $str1;  // tags gone and the quotes are now &#34;, so nothing executes
For comparison we display both the original string and the result of FILTER_SANITIZE_STRING. The script tags have been stripped, and the double quotes have been converted to the HTML entity &#34;. The browser renders that entity back as a quote character, so on screen it looks as if the quotes survived, but in the page source they are entities and can no longer terminate an attribute value. A string like this is exactly what a visitor can submit through a form to inject script into your pages, so such input must be sanitized, or better, escaped at the point of output, before it is echoed.

FILTER_FLAG_NO_ENCODE_QUOTES

If we do not want the quotes encoded, we add the flag FILTER_FLAG_NO_ENCODE_QUOTES as the third argument of filter_var(), like this:
$str="Welcome <script> alert(\"Hi plus2net\")</script>"; // same untrusted input
$str1 = filter_var($str,FILTER_SANITIZE_STRING,FILTER_FLAG_NO_ENCODE_QUOTES); // tags stripped, quotes kept
echo $str;   // still echoed unescaped: the browser runs the <script>
echo "<br>";
echo $str1;  // tags gone, the literal quotes remain
Output is here (the first echo still sends the raw <script> tag to the browser, so you will also get one alert window):
Welcome 
Welcome alert("Hi plus2net")
In addition to the above we can pass a few more flags, combined with the | operator:
FILTER_FLAG_STRIP_LOW: removes characters with ASCII value below 32, including tab and line breaks
FILTER_FLAG_STRIP_HIGH: removes characters with ASCII value above 127
FILTER_FLAG_ENCODE_LOW: HTML-encodes characters with ASCII value below 32
FILTER_FLAG_ENCODE_HIGH: HTML-encodes characters with ASCII value above 127
FILTER_FLAG_ENCODE_AMP: encodes the ampersand (&) to &#38;
These flags operate on bytes, not characters. Every byte of a multibyte UTF-8 character is above 127, so FILTER_FLAG_STRIP_HIGH deletes all non-ASCII text (accented letters, non-Latin scripts) and FILTER_FLAG_ENCODE_HIGH turns each such byte into a separate numeric entity. Also keep in mind that stripping tags and encoding quotes only protects HTML body and attribute contexts; a value such as javascript:alert(1) contains neither tags nor quotes, passes this filter unchanged, and is still dangerous if it ends up in an href.
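The following script, added here as an example and not taken from the original page, runs the page's input and a few constructed strings through FILTER_SANITIZE_STRING under each flag discussed above, and prints the result next to the output of htmlspecialchars(), the replacement the PHP manual recommends since the filter was deprecated in PHP 8.1. The function names legacySanitize(), escapeForHtml() and variants(), the file name sanitize_demo.php and the sample inputs are assumptions of this example; it needs PHP 7.0 or later.

```php
<?php
// Added example, not code from the original page. Run from the command line:
//   php sanitize_demo.php
// It compares FILTER_SANITIZE_STRING under several flags with htmlspecialchars().
declare(strict_types=1);

// Constructed sample inputs (not from the page), one per behaviour to observe.
const SAMPLES = [
    'script'    => 'Welcome <script> alert("Hi plus2net")</script>',
    'controls'  => "Line1\tTab\x07Bell\nLine2 caf\u{00E9}",   // tab, BEL, newline, UTF-8 é
    'ampersand' => 'Tom & Jerry <b>bold</b>',
    'scheme'    => 'javascript:alert(1)',   // no tags, no quotes: every filter leaves it as is
];

// Thin wrapper around the deprecated filter (hypothetical helper name). The @ only
// hides the E_DEPRECATED notice on PHP 8.1+ so the report stays readable; do not
// silence the notice in production code, migrate to htmlspecialchars() instead.
function legacySanitize(string $s, int $flags = 0): string
{
    return (string) @filter_var($s, FILTER_SANITIZE_STRING, $flags);
}

// Recommended approach: keep the stored data intact and encode it at the moment
// it is written into HTML, so it can neither close a tag nor break out of an attribute.
function escapeForHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Every variant we want to compare for one input, keyed by a label for the report.
function variants(string $raw): array
{
    return [
        'raw'                    => $raw,
        'default'                => legacySanitize($raw),
        'NO_ENCODE_QUOTES'       => legacySanitize($raw, FILTER_FLAG_NO_ENCODE_QUOTES),
        'STRIP_LOW|STRIP_HIGH'   => legacySanitize($raw, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH),
        'ENCODE_LOW|ENCODE_HIGH' => legacySanitize($raw, FILTER_FLAG_ENCODE_LOW | FILTER_FLAG_ENCODE_HIGH),
        'ENCODE_AMP'             => legacySanitize($raw, FILTER_FLAG_ENCODE_AMP),
        'htmlspecialchars'       => escapeForHtml($raw),
    ];
}

foreach (SAMPLES as $name => $raw) {
    echo "== $name ==\n";
    foreach (variants($raw) as $label => $value) {
        // json_encode makes control characters and entities visible on a terminal.
        printf("%-24s %s\n", $label . ':',
            json_encode($value, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
    }
    echo "\n";
}
```

Reading the report, the 'script' row shows the default filter turning the quotes into &#34; while NO_ENCODE_QUOTES keeps them; the 'controls' row shows STRIP_LOW removing the tab, bell and newline and STRIP_HIGH removing the two bytes of é, while ENCODE_HIGH encodes each of those bytes separately; the 'ampersand' row shows ENCODE_AMP producing &#38; where htmlspecialchars() produces &amp;; and the 'scheme' row is the caveat above in action, since every variant except the label is identical to the raw input.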

©2000-2023 plus2net.com All rights reserved worldwide