Php sanitize string international characters


I am looking at sanitizing international characters strings - like Chinese, English German etc

Any suggestions for a post variable like $_POST[‘sample_string’]

There seems to be a lot different approaches and I am curious to k ow some thoughts from here.


What do you mean by “sanitize” and exactly how is this data being used? Is it stored to a DB? Does it go straight to an email? Is it displayed on a page???

1 Like

Ohhh good point

My point of approach was based on the idea of user inputted data. That was the criteria. If so ,
I had planned to just ensure all the data was the stripped of dangerous characters.

Ultimately this site will need to deal with all three types.

So perhaps using those three points is a better approach.

I presume they would all three have different requirements?

Is it possible for the pint of expediency just treat them the same and use one function?

You should treat every destination extra.

sanitize for DB: Prepared Statements
sanitize for HTML: htmlspecialchars, template engines may support you
sanitize for email: maybe the same as for HTML on bodys, use something like PHPMailer that does it for your headers

1 Like

Ok so I sanitize with prepared statements, I do htmentities and I use a mailer program with headers.

So I don’t need the php-validate string functions unless say I want something to specifically be an int or like a password to have a specific character configuration?

You always sanitize against a specific context. Without a context it’s just convention/configuration, definition, specification, or whatever you want it to be.



This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.