XSS filtering function in PHP

php filter xss
codecowboy picture codecowboy · Aug 26, 2009 · Viewed 104.3k times · Source

Does anyone know of a good function out there for filtering generic input from forms? Zend_Filter_input seems to require prior knowledge of the contents of the input and I'm concerned that using something like HTML Purifier will have a big performance impact.

What about something like : http://snipplr.com/view/1848/php--sacar-xss/

Many thanks for any input.

Answer

cletus picture cletus · Aug 26, 2009

Simple way? Use strip_tags():

$str = strip_tags($input);

You can also use filter_var() for that:

$str = filter_var($input, FILTER_SANITIZE_STRING);

The advantage of filter_var() is that you can control the behaviour by, for example, stripping or encoding low and high characters.

Here is a list of sanitizing filters.

Related questions

What are the best PHP input sanitizing functions?

I am trying to come up with a function that I can pass all my strings through to sanitize. So that the string that comes out of it will be safe for database insertion. But there are so many filtering …

Read More
str_replace in Twig

I want to do a simple str_replace in my twig template. I'm new to twig and probably I need to add new filter or sth like that or to use existing. How can I do this? Where can I …

Read More
How to filter an array by a condition

I have an array like this: array("a" => 2, "b" => 4, "c" => 2, "d" => 5, "e" => 6, "f" => 2) Now I want to filter that array by some condition and only keep the elements where the value is equal to 2 …

Read More