
problem on phalcon's sanitize

Faced with a problem on phalcon's sanitize data function

sanitize("Мар'яна", 'string');

produces Мар&#39;яна

but in php5.5 htmlspecialchars

htmlspecialchars("Мар'яна", ENT_QUOTES)

produces Мар&#039;яна

some more description on a problem in older php versions https://ua2.php.net/manual/ru/function.htmlspecialchars-decode.php#82133

Is this a bug or how do I get same result with phalcon sanitize as with htmlspecialchars?



Accepted answer (edited Jul '14)

Not a bug, definitely. sanitize("value", "string"); does not use htmlspecialchars; it uses filter_var($value, FILTER_SANITIZE_STRING), which has a different behavior:



2.0k
1. var_dump(filter_var("'", FILTER_SANITIZE_STRING));
2. var_dump(htmlspecialchars("'", ENT_QUOTES));
3. var_dump(htmlspecialchars_decode("'", ENT_QUOTES));
4. var_dump(htmlspecialchars_decode("'", ENT_QUOTES));

1. string(5) "&#39;"
2. string(6) "&#039;"
3. string(5) "'"
4. string(6) "'"

two char codes for one " ' " symbol not as obvious for me as it is
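The mismatch discussed in this thread, as an added example that is not part of the original posts: the same name escaped by the two functions ends up as two different byte strings (`&#39;` versus `&#039;`), so stored values no longer compare equal. The helper names `to_raw` and `to_html` and the sample values are assumptions made for illustration; the approach shown is to decode once to raw text and escape only at output.

```php
<?php
// Constructed sample values: the two escaped spellings of the apostrophe
// that FILTER_SANITIZE_STRING and htmlspecialchars(ENT_QUOTES) emit.
// (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so the literal
// is embedded here instead of calling filter_var.)
$fromFilter   = "Мар&#39;яна";
$fromHtmlspec = "Мар&#039;яна";

/**
 * Hypothetical helper: turn an already-escaped stored value back into
 * raw text. html_entity_decode accepts every spelling of the quote
 * (&#39;, &#039;, &#x27;, and &apos; under ENT_HTML5).
 */
function to_raw(string $stored): string
{
    return html_entity_decode($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Hypothetical helper: escape for an HTML context at output time.
 * Decoding first prevents double encoding of values that were
 * escaped before being stored.
 */
function to_html(string $stored): string
{
    return htmlspecialchars(to_raw($stored), ENT_QUOTES, 'UTF-8');
}

// Byte-wise comparison of the stored forms: the two escapers disagree.
var_dump($fromFilter === $fromHtmlspec);

// After decoding, both values are the same raw name.
var_dump(to_raw($fromFilter) === to_raw($fromHtmlspec));

// Escaping the raw text at output gives one canonical form for both.
var_dump(to_html($fromFilter) === to_html($fromHtmlspec));
var_dump(to_html($fromFilter));

// Escaped markup stays inert: it is decoded once and re-escaped,
// so it never reaches the page as live tags.
var_dump(to_html("&lt;b&gt;Мар&#39;яна&lt;/b&gt;"));
```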