problem on phalcon's sanitize

Faced with a problem on phalcon's sanitize data function

sanitize("Мар'яна", 'string');

produces Мар&#39;яна

but in php5.5 htmlspecialchars

htmlspecialchars("Мар'яна", ENT_QUOTES)

produces Мар&#039;яна

some more description on a problem in older php versions http://ua2.php.net/manual/ru/function.htmlspecialchars-decode.php#82133

Is this a bug or how do I get same result with phalcon sanitize as with htmlspecialchars?



84.4k
Accepted answer
edited Jul '14

Not a bug definitely, sanitize("value", "string"); does not use htmlspecialchars; it uses filter_var($value, FILTER_SANITIZE_STRING), which has a different behavior:



1.2k
1. var_dump(filter_var("'", FILTER_SANITIZE_STRING));
2. var_dump(htmlspecialchars("'", ENT_QUOTES));
3. var_dump(htmlspecialchars_decode("'", ENT_QUOTES));
4. var_dump(htmlspecialchars_decode("'", ENT_QUOTES));

1. string(5) "&#39;"
2. string(6) "&#039;"
3. string(5) "'"
4. string(6) "'"

two char codes for one " ' " symbol not as obvious for me as it is
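
Added example (not part of the thread and not Phalcon's own code): the two encodings discussed above compared byte-wise and after decoding, plus the difference between the two functions on markup. The helper `html_text` is hypothetical and both inputs are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample input: the name from the question.
$name = "Мар'яна";

// What sanitize($value, 'string') runs according to the accepted answer.
// FILTER_SANITIZE_STRING is deprecated since PHP 8.1, so the notice is suppressed.
$filtered = @filter_var($name, FILTER_SANITIZE_STRING);

// Output encoding with htmlspecialchars, as in the question.
$escaped = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

// Hypothetical helper: decode character references so that two different
// encodings of the same text compare equal.
function html_text(string $encoded): string
{
    return html_entity_decode($encoded, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Byte-wise comparison of the two encoded strings.
var_dump($filtered === $escaped);

// Comparison of the text both strings represent once decoded.
var_dump(html_text($filtered) === html_text($escaped));

// Stored values that were encoded by different functions have to be
// normalised like this before they are compared, searched or de-duplicated.
var_dump(html_text($filtered) === $name);

// The two functions also differ on markup: the filter strips tags and
// encodes quotes, htmlspecialchars keeps the tags as encoded text.
// Constructed input.
$markup = "<b>Мар'яна</b>";
var_dump(@filter_var($markup, FILTER_SANITIZE_STRING));
var_dump(htmlspecialchars($markup, ENT_QUOTES, 'UTF-8'));
```

To get the htmlspecialchars form, call htmlspecialchars on the raw value at output time rather than on a value that already went through the string filter, otherwise the ampersand of the existing character reference is encoded a second time.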