filter_var() function
Returns the input string filtered into the required type, or FALSE if it was unable to perform the sanitisation (e.g. due to illegal characters etc.).
if ( ($MyVariable = filter_var($EnteredEmail, FILTER_SANITIZE_EMAIL)) !== false )
See here for all the available filter options.
Example – INT
if ( ($MyVariable = filter_var($SourceValue, FILTER_VALIDATE_INT, ["options" => ["min_range" => 18, "max_range" => 124]])) !== false )
{
    // $MyVariable is now an integer between 18 and 124
}
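Putting the two calls above together, here is an added example (not code from the original page) that validates an age and cleans an e-mail address. The function names and the sample inputs are made up for illustration; the constants and options are the ones the page shows. The comparison against `false` matters: `filter_var("0", FILTER_VALIDATE_INT)` returns the integer 0, which a plain `if (!$x)` would wrongly treat as a failure.

```php
<?php
// Added example (not from the original page): validating and sanitising
// input with filter_var(). Function names and sample inputs are illustrative.

declare(strict_types=1);

/**
 * Validate an age submitted by a user. Returns the integer on success, or
 * null when the value is not an integer or is outside 18..124.
 */
function validateAge(string $raw): ?int
{
    $age = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 18, 'max_range' => 124],
    ]);
    // filter_var() returns false on failure. Compare with !== false rather
    // than using "!" so that a legitimate integer 0 is not mistaken for a
    // failure (0 is falsy in PHP).
    return $age !== false ? $age : null;
}

/**
 * Sanitise and then validate an e-mail address. FILTER_SANITIZE_EMAIL only
 * strips characters that are illegal in an address; it does not tell you
 * whether what remains is a valid address, so follow it with
 * FILTER_VALIDATE_EMAIL before trusting the value.
 */
function cleanEmail(string $raw): ?string
{
    $stripped = filter_var(trim($raw), FILTER_SANITIZE_EMAIL);
    if ($stripped === false) {
        return null;
    }
    $valid = filter_var($stripped, FILTER_VALIDATE_EMAIL);
    return $valid !== false ? $valid : null;
}

// Constructed sample inputs (not real data)
$ages   = ['42', '17', '0', 'abc', '1e3', ' 30 '];
$emails = ['user@example.com', 'us er@example.com', 'not-an-email', '<b>user@example.com'];

foreach ($ages as $in) {
    printf("age %-8s => %s\n", var_export($in, true), var_export(validateAge($in), true));
}
foreach ($emails as $in) {
    printf("email %-22s => %s\n", var_export($in, true), var_export(cleanEmail($in), true));
}
```

Note the behaviour on the constructed inputs with a space or an HTML tag: FILTER_SANITIZE_EMAIL silently drops the offending characters and the remainder then passes validation, so the value you store is not the value the user typed. When the address must be exactly what was entered, validate the original with FILTER_VALIDATE_EMAIL and reject on failure instead of sanitising first.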
Sanitising for HTML from a form POST
If server magic quotes is turned on then it will add a backslash (\) before single and double quotes in the text, so strip them out first:
$MyTextField = trim($_POST['MyTextField']);
$MyTextField = stripslashes($MyTextField);
$MyTextField = htmlspecialchars($MyTextField, ENT_QUOTES);
\n new line characters will still be stored as \n (htmlspecialchars() doesn't convert them to <br>). You can convert them now using nl2br(), or when you display the text again (usually better done when displaying as HTML, not when storing to the db).
When outputting multiline text – convert \n characters to <br> when displaying the text within the page's HTML output:
$MyTextField = $Results['MyTextField'];
$MyTextField = nl2br($MyTextField); //Convert '\n' to <br>
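The POST-sanitise and display steps above, wrapped in two small functions as an added example (not code from the original page). The function names and the constructed `$_POST` value are illustrative. The magic-quotes check is guarded because get_magic_quotes_gpc() only exists on PHP versions that still had magic quotes; on a modern server calling stripslashes() unconditionally would corrupt a backslash the user legitimately typed.

```php
<?php
// Added example (not from the original page): sanitising a posted text field
// for HTML and rendering it later. Names and sample data are illustrative.

declare(strict_types=1);

/**
 * Normalise a submitted text field and escape it for HTML, in the order the
 * page describes: trim, undo magic quotes if present, then escape.
 */
function sanitiseTextField(string $raw): string
{
    $text = trim($raw);

    // Only strip slashes when the (legacy) server actually added them.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $text = stripslashes($text);
    }

    // ENT_QUOTES escapes both ' and " so the value is also safe inside an
    // HTML attribute; naming the charset avoids encoding-dependent surprises.
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Render stored, already-escaped text inside page HTML: newlines become <br>
 * at display time, as the page recommends. The second argument selects plain
 * <br> rather than the XHTML-style <br /> that nl2br() emits by default.
 */
function renderMultiline(string $stored): string
{
    return nl2br($stored, false);
}

// Constructed sample input standing in for a real form submission
$_POST['MyTextField'] = "  Hello <script>alert('x')</script>\nline \"two\" & three  ";

$stored = sanitiseTextField($_POST['MyTextField']);
echo "stored:   ", $stored, "\n";
echo "rendered: ", renderMultiline($stored), "\n";
```

The script tag in the constructed input comes out as `&lt;script&gt;` in the stored value and stays inert when echoed into a page; only the newline is turned back into markup, and only at render time.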
Removing new lines in a text box
$MyText = str_replace("\r\n"," ", $MyText);
$MyText = str_replace("\n"," ", $MyText);
Removing other characters
$MyTextField = str_replace("\t"," ", $MyTextField);
Other slash functions that are available:
stripcslashes()
Feel free to comment if you can add help to this page or point out issues and solutions you have found. I do not provide support on this site, if you need help with a problem head over to stack overflow.