
Can we use FILTER_SANITIZE_SPECIAL_CHARS instead of FILTER_SANITIZE_STRING for $msg?

Hello guys! Before taking this course, I have already been through Building Basic Website with Alena Hooligan (sorry if it is wrong-typed), and there she gave the advice to use FILTER_SANITIZE_SPECIAL_CHARS for <textarea> in order to prevent any kind of mischievous user input. Do you think it is more correct to use FILTER_SANITIZE_SPECIAL_CHARS instead of FILTER_SANITIZE_STRING? Thanks for the help!

1 Answer

Seth Kroger
56,413 Points

The difference between FILTER_SANITIZE_SPECIAL_CHARS and FILTER_SANITIZE_STRING is that they treat embedded HTML in the input differently. FILTER_SANITIZE_SPECIAL_CHARS will leave the tags in place but turn the <> characters into &lt; and &gt;. FILTER_SANITIZE_STRING will strip the tags out, leaving just the text inside the tags.
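
To see the two filters from this thread side by side, the following added example (not part of the answer above or of the course code) runs both over a few constructed `<textarea>` messages. The helper name `compare_filters()` and the sample strings are assumptions made for illustration.

```php
<?php
// Added example: compare the two filters from the question on constructed
// <textarea> input. compare_filters() is a hypothetical helper name.

function compare_filters(string $msg): array
{
    $out = [
        // Encodes HTML-significant characters as entities; tags remain
        // visible as literal text when the value is later echoed into a page.
        'special_chars' => filter_var($msg, FILTER_SANITIZE_SPECIAL_CHARS),
    ];

    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so guard the
    // constant and silence the deprecation notice for this comparison only.
    if (defined('FILTER_SANITIZE_STRING')) {
        $out['string'] = @filter_var($msg, constant('FILTER_SANITIZE_STRING'));
    }
    return $out;
}

// Constructed sample messages, not taken from the course.
$samples = [
    'Hello, I have a question about my order.',
    'Please <b>call</b> me back <script>alert(1)</script>',
    'Tom & "Jerry" said it\'s fine',
    'Is 3 < 5 and 7 > 2?',
];

foreach ($samples as $msg) {
    echo 'input: ', var_export($msg, true), PHP_EOL;
    foreach (compare_filters($msg) as $filter => $result) {
        echo sprintf('  %-13s ', $filter), var_export($result, true), PHP_EOL;
    }
}
```

The last sample is worth reading in the output: it shows how each filter handles a message that contains a bare `<` that is not part of any tag.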