php - Constant FILTER_SANITIZE_STRING is deprecated
Get the solution ↓↓↓I have installed PHP 8.1 and I started testing my old project. I have used the filterFILTER_SANITIZE_STRING
like so:
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
Now I get this error:
Deprecated: Constant FILTER_SANITIZE_STRING is deprecated
The same happens when I useFILTER_SANITIZE_STRIPPED
:
Deprecated: Constant FILTER_SANITIZE_STRIPPED is deprecated
What can I replace it with?
Answer
Solution:
This was a filter of dubious purpose. It's difficult to say what it was meant to accomplish exactly or when it should be used. It was also confused with the default string filter, due to its name, when in reality the default string filter is calledFILTER_UNSAFE_RAW
. PHP community decided that the usage of this filter should not be supported anymore.
The behaviour of this filter was very unintuitive. It removed everything between<
and the end of the string or until the next>
. It also removed allNUL
bytes. Finally, it encoded'
and"
into their HTML entities.
If you want to replace it, you have a couple of options:
Use the default string filter
FILTER_UNSAFE_RAW
that doesn't do any filtering. This should be used if you had no idea about the behaviour ofFILTER_SANITIZE_STRING
and you just want to use a default filter that will give you the string value.If you used this filter to protect against XSS vulnerabilities, then replace its usage with
. Don't call this function on the input data. To protect against XSS you need to encode the output!
If you knew exactly what that filter does and you want to create a polyfill, you can do that easily with regex.
function filter_string_polyfill(string $string): string { $str = preg_replace('/\x00|<[^>]*>?/', '', $string); return str_replace(["'", '"'], [''', '"'], $str); }
Answer
Solution:
The closest constant you can use instead, if you intend to convert your variable in a safe html string, is FILTER_SANITIZE_FULL_SPECIAL_CHARS
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: php_network_getaddresses: getaddrinfo failed: temporary failure in name resolution
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.