XSS filtering function in PHP

by

Simple way? Use strip_tags():

$str = strip_tags($input);

You can also use filter_var() for that:

$str = filter_var($input, FILTER_SANITIZE_STRING);

The advantage of filter_var() is that you can control the behaviour by, for example, stripping or encoding low and high characters.

Here is a list of sanitizing filters.

More Related Contents:

  1. How to prevent injection when user is supplying an arbitrary URL parameter?
  2. xss attack on a php page
  3. How can I sanitize user input with PHP?
  4. How to prevent XSS with HTML/PHP?
  5. What are the best PHP input sanitizing functions?
  6. What are the best practices for avoiding xss attacks in a PHP site [closed]
  7. The ultimate clean/secure function
  8. Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
  9. How to filter an array by a condition
  10. PHP_SELF and XSS
  11. Constant FILTER_SANITIZE_STRING is deprecated
  12. Best way to defend against mysql injection and cross site scripting
  13. How can I properly escape HTML form input default values in PHP?
  14. CodeIgniter – why use xss_clean
  15. How do you set up use HttpOnly cookies in PHP
  16. Prevent XSS with strip_tags()?
  17. htmlspecialchars vs htmlentities when concerned with XSS
  18. Protection against XSS exploits?
  19. Keep array rows where a column value is found in a second flat array
  20. Project Links do not work on Wamp Server
  21. How to save a PNG image server-side, from a base64 data URI
  22. PHP Warning: PHP Startup: Unable to load dynamic library
  23. Using sessions & session variables in a PHP Login Script
  24. PHP session side-effect warning with global variables as a source of data
  25. Coalesce function for PHP?
  26. Getting HTTP code in PHP using curl
  27. Asynchronous Function Call in PHP
  28. Redirect after Login on WordPress
  29. How to remove an HTML element using the DOMDocument class
  30. fwrite() and UTF8

Leave a Comment