Can we use FILTER_SANITIZE_SPECIAL_CHARS instead of FILTER_SANITIZE_STRING for $msg?

Hello guys! Before taking this course, I have already been to Building Basic Website with Alena Hooligan (sorry if it is mistyped), and there she gave the advice to use FILTER_SANITIZE_SPECIAL_CHARS for <textarea> in order to prevent any kind of mischievous user input. Do you think it is more correct to use FILTER_SANITIZE_SPECIAL_CHARS instead of FILTER_SANITIZE_STRING? Thanks for the help!

1 Answer

Seth Kroger
56,407 Points

The difference between FILTER_SANITIZE_SPECIAL_CHARS and FILTER_SANITIZE_STRING is that they will treat embedded HTML in the input differently. FILTER_SANITIZE_SPECIAL_CHARS will leave the tags in place but turn the <> characters into &lt; and &gt;. FILTER_SANITIZE_STRING will strip the tags out, leaving just the text inside the tags.
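
Added example (not part of the answer above or of the course code): a PHP command-line script that runs both filters over the same constructed messages, so the two treatments of embedded HTML can be compared side by side. The sample strings and the `compare_filters` helper are assumptions made for this illustration; note that FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.

```php
<?php
// Added illustration: compare the two filters discussed in this thread.
// Run from the command line (php compare.php) so the raw result strings are
// visible instead of being rendered by a browser.

// Constructed sample values standing in for the <textarea> field ($msg).
$samples = [
    'plain text'    => "Hello, I would like a quote for 3 sites.",
    'embedded tags' => 'Nice site! <b>Call me</b> <script>alert(1)</script>',
    'bare symbols'  => 'Is 5 < 10 and 10 > 5? "Yes" & no.',
];

/**
 * Hypothetical helper: return the message as each filter leaves it.
 *
 * FILTER_SANITIZE_SPECIAL_CHARS HTML-encodes special characters.
 * FILTER_SANITIZE_STRING strips tags; it is deprecated as of PHP 8.1 and
 * raises a deprecation notice there, but the script still runs.
 */
function compare_filters(string $msg): array
{
    return [
        'special_chars' => filter_var($msg, FILTER_SANITIZE_SPECIAL_CHARS),
        'string'        => filter_var($msg, FILTER_SANITIZE_STRING),
    ];
}

foreach ($samples as $label => $msg) {
    $out = compare_filters($msg);

    echo "[$label]\n";
    echo "  input:         $msg\n";
    echo "  SPECIAL_CHARS: {$out['special_chars']}\n";
    echo "  STRING:        {$out['string']}\n";

    // Flag cases where a filter changed what the visitor actually typed,
    // which matters for messages that contain < or > as ordinary text.
    foreach ($out as $name => $value) {
        $decoded = html_entity_decode($value, ENT_QUOTES | ENT_HTML5);
        if ($decoded !== $msg) {
            echo "  note: '$name' result no longer decodes to the original text\n";
        }
    }
    echo "\n";
}
```

The "bare symbols" sample is the one to look at when choosing a filter for a free-text message field, since it contains angle brackets that are not HTML at all.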