filter_var() function
Returns the input value filtered into the required type, or FALSE if the filter could not be applied (e.g. due to illegal characters, or a value outside the allowed range).
if ( ($MyVariable = filter_var($EnteredEmail, FILTER_SANITIZE_EMAIL)) !== false )
{
}
See here for all the available filter options.
Example – INT
if ( ($MyVariable = filter_var($SourceValue, FILTER_VALIDATE_INT, ["options" => ["min_range" => 18, "max_range" => 124]])) !== false )
{
}
Sanitising for HTML from a form POST
If magic quotes (magic_quotes_gpc) is turned on on the server, PHP adds a backslash (\) before single and double quotes in the submitted text, so strip them out first:
$MyTextField = trim($_POST['MyTextField']);
$MyTextField = stripslashes($MyTextField);
$MyTextField = htmlspecialchars($MyTextField, ENT_QUOTES);
\n new line characters will still be stored as \n (htmlspecialchars() doesn't convert them to <br>). You can convert them now using nl2br(), or when you display the text again (usually better to do this when displaying as HTML, not when storing to the db).
$MyTextField = nl2br($MyTextField);
When outputting multiline text – convert \n characters to <br> when displaying the text within the page's HTML output
$MyTextField = $Results['MyTextField']; // Value as read back from the db
$MyTextField = nl2br($MyTextField); //Convert '\n' to <br>
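Putting the pieces above together, as an added example that is not part of the original notes: filter_var() validation with the same INT range, the stripslashes() step applied only when magic quotes is really on, and escape-then-nl2br() at display time. The function names and the sample $post array are constructed here; it assumes PHP 7 or later.

```php
<?php
// Added example: validate form fields with filter_var(), clean posted text,
// and escape it for HTML output. Not code from the original notes.

// Strip magic-quotes backslashes only when the legacy setting is actually on;
// otherwise stripslashes() would remove backslashes the user typed on purpose.
function cleanPostedText(array $post, string $key): string
{
    $text = trim($post[$key] ?? '');
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $text = stripslashes($text);
    }
    return $text;
}

// FILTER_VALIDATE_INT returns the integer or false. "0" is a valid 0, so callers
// must compare with !== false rather than testing truthiness.
function validateAge($value)
{
    return filter_var($value, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 18, 'max_range' => 124]]);
}

// FILTER_SANITIZE_EMAIL only removes characters not allowed in an address; it
// never rejects the value. Run FILTER_VALIDATE_EMAIL afterwards to actually check it.
function validateEmail(string $value)
{
    $clean = filter_var($value, FILTER_SANITIZE_EMAIL);
    return filter_var($clean, FILTER_VALIDATE_EMAIL);
}

// Escape first, then insert <br>: in the other order the <br> tags would be escaped too.
function renderMultiline(string $text): string
{
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($safe);
}

// Constructed sample form submission standing in for $_POST.
$post = [
    'Age'         => '17',                                   // below min_range
    'Email'       => 'user<>@example.com',                   // stray characters
    'MyTextField' => "Line one\r\n<script>alert(1)</script>", // markup in text
];

var_dump(validateAge($post['Age']));
var_dump(validateAge('42'));
var_dump(validateEmail($post['Email']));
echo renderMultiline(cleanPostedText($post, 'MyTextField')), "\n";
```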
Removing new lines in a text box
$MyText = str_replace("\r\n"," ", $MyText);
$MyText = str_replace("\n"," ", $MyText);
Removing other characters
$MyTextField = str_replace("\t"," ", $MyTextField);
Other slashes functions that are available
stripcslashes()
