wolfcry Posted January 11, 2012

Hey all,

While the filter itself is functioning properly, the flag doesn't seem to be. Here's how I have it set up:

    $UserInput = filter_var($UserInput, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); // Test Format 1
    $UserInput = filter_input(INPUT_POST, 'UserInput', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); // Test Format 2

As you can see, I have set up two test methods; however, each one fails regarding the flag... or so it seems to me. FILTER_FLAG_STRIP_LOW is supposed to strip out anything > 32 in ASCII, but it isn't. '&' (38) is greater than 32 but it still displays in the browser.

Am I missing something here?

Psycho Posted January 11, 2012

Well, if you look at the user notes on the Sanitize filters manual page it looks like there is no consensus over what FILTER_FLAG_STRIP_LOW really does.

http://www.php.net/manual/en/filter.filters.sanitize.php

You might need to find an alternative function or build your own to do what you need.

wolfcry Posted January 11, 2012 (Author)

Hey Psycho,

Yeah, I know. The manual is really dropping the ball on that one IMHO. I have done quite a bit of research into it and I believe w3schools did a short blurb on it but from what I do find, it's basically repeating what the manual says without going into much detail.

Well, I guess it's preg_match() all over again lol.

Psycho Posted January 11, 2012

> Hey Psycho,
>
> Yeah, I know. The manual is really dropping the ball on that one IMHO. I have done quite a bit of research into it and I believe w3schools did a short blurb on it but from what I do find, it's basically repeating what the manual says without going into much detail.
>
> Well, I guess it's preg_match() all over again lol.

Well, what are you trying to achieve?

wolfcry Posted January 11, 2012 (Author)

Removing special characters such as & for instance. The filter flag was supposed to do that but I guess not.

Psycho Posted January 11, 2012

Wait, why would you think FILTER_FLAG_STRIP_LOW would strip out the ampersand? Per the manual FILTER_FLAG_STRIP_LOW will strip out characters less than 32. The ampersand is character 38 in the ASCII table. After a quick look at the ASCII table it looks like there are no "printable" characters that are less than 32, only white-space and control characters (line breaks, tabs, etc.). If it worked as you stated it should, it would be stripping all the "printable" characters: letters, numbers, etc.

http://www.php.net/manual/en/filter.filters.flags.php

FILTER_FLAG_STRIP_LOW: Strips characters that has a numerical value <32

wolfcry Posted January 12, 2012 (Author)

That's too funny lol. I must have pasted what I was currently working on which was there as a comparison test. Oy, it's going to be one of them days.

I'm actually using FILTER_FLAG_STRIP_HIGH which isn't working as it should.

Psycho Posted January 12, 2012

> I'm actually using FILTER_FLAG_STRIP_HIGH which isn't working as it should.

Really? You might want to take a look at an ASCII table (http://www.asciitable.com/). FILTER_FLAG_STRIP_HIGH is supposed to strip everything out with a character code > 127. Those characters are not ones you find on your keyboard. They include characters such as Ç, â, ▓, ¥, ½. The ampersand is character code 38 and would not be covered by either FILTER_FLAG_STRIP_LOW or FILTER_FLAG_STRIP_HIGH.

I did some tests and both flags are working as I would expect.

wolfcry Posted January 12, 2012 (Author)

Yep, and thanks for the links but I really don't need them. If you re-read my OP you'll see that I already indicate the ASCII value of &, hence why I thought it wasn't working. In either case, I'm not sure why I thought that unless I read it wrong. I could have sworn I read an example with it saying all ASCII characters greater than 32 were stripped, but then again, I might have just gotten the greater than or less than signs reversed. Hmm, strange.

I do know that FILTER_SANITIZE_SPECIAL_CHARS will encode those symbols but that's not what I'm looking to do because that's more of an output usage (equivalent to htmlentities() in my book). I simply want to strip them out completely.

Oh well, I'll think of something.

kicken Posted January 12, 2012

Decide which characters you'll allow then remove everything else using a regex.

    // Negated class: match every character that is NOT a letter or digit
    $re = '/[^a-z0-9]/i';
    $UserInput = preg_replace($re, '', $UserInput);

Would allow only A-Z (upper and lower) and 0-9.

wolfcry Posted January 12, 2012 (Author)

Hey kicken,

That's exactly what I ended up doing. Went the ole' regex route. Though, I have to admit, I was really excited when I "thought" I had read that a filter would do that for me without needing to write additional code. It's a cruel world.
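
Added example (not code from any poster in this thread): a side-by-side run of the two strip flags and the allowlist regex on one constructed input, so the byte ranges each one removes are visible. It assumes PHP 7.4+ and uses FILTER_UNSAFE_RAW, which accepts the same strip flags, because FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the helper names show() and allowlist() are made up for this example.

```php
<?php
// Constructed sample input containing: TAB (9), '&' (38), a backtick,
// "é" as the UTF-8 bytes 0xC3 0xA9, a NUL byte (0) and some HTML tags.
$input = "Tom\t& J\xC3\xA9rry`s\x00 <b>cat</b>";

// Hypothetical helper: print a string with every byte outside printable
// ASCII rendered as \xNN, so removed or surviving bytes can be seen.
function show(string $label, string $s): void
{
    $visible = preg_replace_callback(
        '/[^\x20-\x7E]/',
        fn(array $m): string => sprintf('\\x%02X', ord($m[0])),
        $s
    );
    printf("%-16s %s\n", $label, $visible);
}

// Hypothetical helper: keep only letters, digits and spaces (allowlist).
function allowlist(string $s): string
{
    return preg_replace('/[^a-z0-9 ]/i', '', $s);
}

show('raw', $input);

// STRIP_LOW removes bytes below 32 (TAB and NUL here); '&' (38) stays.
show('STRIP_LOW', filter_var($input, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW));

// STRIP_HIGH removes bytes above 127. It works per byte, so both bytes of
// the UTF-8 "é" are dropped; '&', '<', '>' and the backtick all stay.
show('STRIP_HIGH', filter_var($input, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_HIGH));

// Both flags together still leave every printable ASCII symbol in place.
show('STRIP_LOW|HIGH', filter_var(
    $input,
    FILTER_UNSAFE_RAW,
    FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH
));

// The allowlist regex is the only variant that removes '&', '<', '>' and '`'.
show('allowlist', allowlist($input));

// Stripping on input does not replace encoding on output: a value written
// into HTML is still passed through htmlspecialchars() at that point.
show('html-encoded', htmlspecialchars($input, ENT_QUOTES, 'UTF-8'));
```

Because FILTER_FLAG_STRIP_HIGH operates on bytes, applying it to UTF-8 input silently deletes every non-ASCII character, which matters for names and other international text.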