Welcome to the eighth part of a nine-part series on using filters in PHP 5. In this part, I discuss how to use the filter extension to sanitize strings in a variety of ways. I'll show you how to encode quotes and low and high ASCII characters in string literals, and how to remove them just as easily. Doing this can help prevent SQL injections and XSS attacks when developing PHP applications.
In case you haven’t heard about it yet, the filter extension that comes included with PHP 5 is a powerful library that allows you to perform all sorts of clever validation tasks on incoming data, ranging from checking integers and float numbers, Boolean and string values, to accomplishing more complex processes, such as verifying IP and email addresses.
Thus, if you’re a PHP developer who’s looking for an approachable guide that shows you how to work with the most relevant filters that come bundled with this useful extension, then you've come to the right place. In this group of articles you’ll find numerous examples that will show you how to get the most out of this data checking library in a truly effortless manner.
And now that you know the main goal of this article series, it’s time to refresh the topics covered in the last installment. So, as you’ll possibly recall, in that tutorial I discussed the usage of the FILTER_VALIDATE_IP filter for validating IP addresses utilizing both the IPv4 and the IPv6 protocols.
As with other filters that were reviewed in previous articles of this series, the FILTER_VALIDATE_IP filter was used in conjunction with the already familiar “filter_var()” function, to perform the validation process in a pretty straightforward fashion. However, as I stated previously, the filter extension has plenty of room to let developers verify different data types; this includes the ability to sanitize strings in different ways.
For instance, say that you need to strip unwanted HTML tags from data collected through a web form, or wish to replace certain characters in a literal with their corresponding HTML entities, as you’ve probably done hundreds of times before when using the native PHP “htmlspecialchars()” function. Well, the filter extension permits you to perform this kind of string sanitization and many, many others.
Therefore, in this penultimate part of the series, I’m going to explain how to use the extension to “heal” your strings in a snap, without having to code a complex custom function or class methods. So, let’s leave the preliminaries and see how to accomplish these tasks by means of a few comprehensive examples. Let’s get going!