Hi,

> FILTER_SANITIZE_ENCODED
> FILTER_SANITIZE_SPECIAL_CHARS

See https://www.php.net/manual/en/function.filter-input.php Example #1 for an 
example of use. Apparently, “escaping” is considered part of “sanitizing”?

If you want to educate your users, you can consider deprecating them in favor 
of FILTER_DEFAULT followed by `urlencode()` or `htmlspecialchars()`, respectively. 
Ditto for various other FILTER_SANITIZE_* filters.

> FILTER_UNSAFE_RAW

My wild guess is that “unsafe” means that “it is dangerous to use the result in 
random contexts (i.e., without properly escaping it, because we assume that you 
don’t even know what “escape” means). Use FILTER_SANITIZE_ENCODED, 
FILTER_SANITIZE_SPECIAL_CHARS and/or FILTER_SANITIZE_MAGIC_QUOTES if you want 
to be safe” (for some nonstandard definition of “safe”). Of course, it should 
be renamed, because “safety” may be achieved by alternative means.

—Claude
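The contrast drawn above (input-time "sanitizing" versus FILTER_DEFAULT plus context-specific escaping at output time), as an added illustration that is not part of the original message; the sample input and the `escapeFor()` helper are constructed for this example.

```php
<?php
// Added example: why escaping belongs at the point of use, not at input time.

// Constructed stand-in for a request parameter such as $_GET['q'].
$raw = 'a&b <c> "d"';

// Input-time sanitizing bakes one output context into the stored value.
$encoded = filter_var($raw, FILTER_SANITIZE_ENCODED);       // URL-encoded
$special = filter_var($raw, FILTER_SANITIZE_SPECIAL_CHARS); // HTML numeric entities

// Used in the context each was made for, both look fine ...
$link = '/search?q=' . $encoded;
$html = '<p>' . $special . '</p>';

// ... but the same stored value is wrong in the other context: the
// URL-encoded string renders "%20" in HTML, and the entity-encoded string
// puts "&#38;" and "&#60;" into a query string, breaking the URL.
$wrongHtml = '<p>' . $encoded . '</p>';
$wrongLink = '/search?q=' . $special;

// Alternative: keep the raw value (FILTER_DEFAULT leaves it unchanged) and
// escape for the context at the moment it is emitted.
function escapeFor(string $value, string $context): string
{
    switch ($context) {
        case 'url':
            return urlencode($value);
        case 'html': // also correct inside a double-quoted attribute
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        default:
            throw new InvalidArgumentException("unknown output context: $context");
    }
}

$value    = filter_var($raw, FILTER_DEFAULT);
$safeLink = '/search?q=' . escapeFor($value, 'url');
$safeHtml = '<p>' . escapeFor($value, 'html') . '</p>';
$safeAttr = '<input value="' . escapeFor($value, 'html') . '">';

foreach ([$link, $html, $wrongHtml, $wrongLink, $safeLink, $safeHtml, $safeAttr] as $s) {
    echo $s, "\n";
}
```

Running it shows the two "wrong" lines carrying the other context's encoding, while the three "safe" lines are correct because the escaping function was chosen where the value is used.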
