What does FILTER_SANITIZE_STRING do?

清酒与你 2020-11-28 06:39

There's like a million Q&A that explain the options like FILTER_FLAG_STRIP_LOW, but what does FILTER_SANITIZE_STRING do on its own, without an

2 answers
  •  一生所求
    2020-11-28 07:41

    I wasn't sure if "stripping tags" means just the < > characters, and if it preserves content between tags, e.g. the string "Hello!" from Hello!, so I decided to check. Here are the results, using PHP 7.1.5 (and Bash for the command line):

    curl --data-urlencode 'my-input='\
    '1. ASCII b/n 32 and 127: ABC abc 012 '\
    '2. ASCII higher than 127: Çüé '\
    '3. PHP tag:  '\
    '4. HTML tag:  '\
    '5. Ampersand: & '\
    '6. Backtick: ` '\
    '7. Double quote: " '\
    '8. Single quote: '"'" \
    http://localhost/sanitize.php
    
      • sanitize.php:
      • output: 1. ASCII b/n 32 and 127: ABC abc 012 2. ASCII higher than 127: Çüé 3. PHP tag: 4. HTML tag: var i = 0; 5. Ampersand: & 6. Backtick: ` 7. Double quote: " 8. Single quote: '
      • sanitize.php:
      • output: 1. ASCII b/n 32 and 127: ABC abc 012 2. ASCII higher than 127: Çüé 3. PHP tag: 4. HTML tag: var i = 0; 5. Ampersand: & 6. Backtick: ` 7. Double quote: " 8. Single quote: '
      • sanitize.php:
      • output: 1. ASCII b/n 32 and 127: ABC abc 012 2. ASCII higher than 127: 3. PHP tag: 4. HTML tag: var i = 0; 5. Ampersand: & 6. Backtick: ` 7. Double quote: " 8. Single quote: '
      • sanitize.php:
      • output: 1. ASCII b/n 32 and 127: ABC abc 012 2. ASCII higher than 127: Çüé 3. PHP tag: 4. HTML tag: var i = 0; 5. Ampersand: & 6. Backtick: 7. Double quote: " 8. Single quote: '
      • sanitize.php:
      • output: 1. ASCII b/n 32 and 127: ABC abc 012 2. ASCII higher than 127: Çüé 3. PHP tag: 4. HTML tag: var i = 0; 5. Ampersand: & 6. Backtick: ` 7. Double quote: " 8. Single quote: '
      • sanitize.php:
      • output: 1. ASCII b/n 32 and 127: ABC abc 012 2. ASCII higher than 127: Çüé 3. PHP tag: 4. HTML tag: var i = 0; 5. Ampersand: & 6. Backtick: ` 7. Double quote: " 8. Single quote: '

    Also, for the flags FILTER_FLAG_STRIP_LOW & FILTER_FLAG_ENCODE_LOW, since my Bash doesn't display these characters, I checked using the bell character (, ASCII 007) and Restman Chrome extension that:

    • without either of these flags, the character is preserved
    • with FILTER_FLAG_STRIP_LOW, it is removed
    • with FILTER_FLAG_ENCODE_LOW, it is encoded to 
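
The comparison in the answer above can be rerun from the command line (`php script.php`) without a web server. This is an added example, not the answerer's sanitize.php, whose code is missing from this page; the input string and the `visible()` helper are constructed for illustration. It goes one step beyond the answer by adding a final row for `htmlspecialchars()`, which the PHP manual names as the replacement since FILTER_SANITIZE_STRING was deprecated in PHP 8.1.

```php
<?php
// Added example: not the answerer's sanitize.php, whose code is missing from the page.
// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; hide that notice to keep output readable.
error_reporting(E_ALL & ~E_DEPRECATED);

// Constructed input modelled on the eight cases in the curl command, plus a bell (0x07).
$input = "1. ABC abc 012 "
       . "2. \u{00C7}\u{00FC}\u{00E9} "
       . "3. <?php echo 'Hello!'; ?> "
       . "4. <script>var i = 0;</script> "
       . "5. & 6. ` 7. \" 8. ' "
       . "9. \x07";

$cases = [
    'no flags'                     => 0,
    'FILTER_FLAG_NO_ENCODE_QUOTES' => FILTER_FLAG_NO_ENCODE_QUOTES,
    'FILTER_FLAG_STRIP_LOW'        => FILTER_FLAG_STRIP_LOW,
    'FILTER_FLAG_STRIP_HIGH'       => FILTER_FLAG_STRIP_HIGH,
    'FILTER_FLAG_STRIP_BACKTICK'   => FILTER_FLAG_STRIP_BACKTICK,
    'FILTER_FLAG_ENCODE_LOW'       => FILTER_FLAG_ENCODE_LOW,
    'FILTER_FLAG_ENCODE_HIGH'      => FILTER_FLAG_ENCODE_HIGH,
    'FILTER_FLAG_ENCODE_AMP'       => FILTER_FLAG_ENCODE_AMP,
];

// Show control characters as C-style escapes (bell prints as \a) so a terminal cannot hide them.
function visible(string $s): string
{
    return addcslashes($s, "\0..\37");
}

printf("%-30s %s\n", 'raw input', visible($input));
foreach ($cases as $label => $flags) {
    // One flag per run, so each row isolates what that flag changes.
    $out = filter_var($input, FILTER_SANITIZE_STRING, $flags);
    printf("%-30s %s\n", $label, visible($out));
}

// For comparison: output encoding keeps every character and escapes the HTML-significant ones.
$encoded = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
printf("%-30s %s\n", 'htmlspecialchars ENT_QUOTES', visible($encoded));
```

Reading the rows on a terminal rather than in a browser matters here, because a browser decodes any numeric entities the filter emits and makes the encoded and unencoded cases look identical.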
