fortnox007 Posted September 10, 2010

Hi all,

Yesterday I read quite a lot about htmlentities(), htmlspecialchars() and mysql_real_escape_string. But today I stumbled upon filter() (http://www.w3schools.com/php/php_filter.asp). Does anyone know if this is also a good way to sanitize and may even be an alternative for the other functions? Or is it something completely different? I am still a novice with this so please enlighten me : )

TY

Psycho Posted September 10, 2010

I think a better question is what EXACTLY are you trying to accomplish? All of the functions you listed above and the filter functions all have different purposes.

If you are saving data to a MySQL database, then use the function built for that: mysql_real_escape_string(). That function will "escape" the data so that it is safe for a DB query - it doesn't change the result of the input.

The two html functions do the same thing. They convert/escape specific characters so they will display as intended. For example, if a user entered their name as "<b>Myname</b>" and you do not want user-entered HTML code to be parsed, you could use one of the two html functions to convert the greater-than/less-than characters to specific codes so the name will display as "<b>Myname</b>" instead of Myname.

The filter functions allow for many different filters. They can remove unwanted values or they may just return false if the value does not pass the filter. See this page to get an idea of the filters available: http://us3.php.net/manual/en/filter.filters.php

In other words, all of the functions/filters have a specific purpose. You should pick the appropriate method for each situation. There is not one method that is superior to the others for all situations.
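
The distinction drawn in the answer above, as an added example that is not part of the original thread: validate with a filter, store with a bound parameter, and escape for HTML only at output. The form fields, table and age limits are constructed for illustration, and a PDO prepared statement on in-memory SQLite (needs the pdo_sqlite extension) stands in for mysql_real_escape_string(), whose mysql_* extension was removed in PHP 7.

```php
<?php
// Added example: one request, three contexts, three different tools.
// Constructed sample input standing in for $_POST.
$input = [
    'name'  => "<b>Myname</b> O'Brien",
    'email' => 'myname@example.com',
    'age'   => '27',
];

// 1. Validation: filter_var() returns the value or false; it does not escape.
function validate_signup(array $in): array
{
    $errors = [];
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email';
    }
    // Hypothetical business rule: age must be an integer from 13 to 120.
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {          // strict check: a valid int can be falsy
        $errors[] = 'age';
    }
    // The name is free text: limit its length, but do not strip characters.
    $name = trim((string)($in['name'] ?? ''));
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'name';
    }
    return [$errors, ['name' => $name, 'email' => $email, 'age' => $age]];
}

[$errors, $clean] = validate_signup($input);
if ($errors) {
    exit('Invalid fields: ' . implode(', ', $errors) . "\n");
}

// 2. Storage: bound parameters keep data out of the SQL text entirely,
//    so the quote in O'Brien is stored unchanged and cannot alter the query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT, email TEXT, age INTEGER)');
$stmt = $pdo->prepare('INSERT INTO users (name, email, age) VALUES (?, ?, ?)');
$stmt->execute([$clean['name'], $clean['email'], $clean['age']]);

// 3. Output: escape at the moment the value is written into HTML,
//    so the stored <b> tags are shown as text instead of being parsed.
$stored = $pdo->query('SELECT name FROM users')->fetchColumn();
echo '<p>Hello, ', htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "</p>\n";
```

The database keeps the name exactly as typed; only the HTML output carries entity-encoded characters, which is why escaping is applied per destination and not once on input.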

fortnox007 Posted September 10, 2010

Ok cool. Thx for the tip, I'll look it up : ) lol so much to do so little time :'(

fortnox007 Posted September 10, 2010

Lol this is more addictive than a video game. New Quests every day

-edit: oh those filters (certainly the validate ones) are pretty awesome.