As of PHP 8.1.0, FILTER_SANITIZE_STRING is deprecated. Let’s see which function you should use instead.
What is FILTER_SANITIZE_STRING?
This sanitization filter strips tags and HTML-encodes double and single quotes. It can also optionally strip or encode special characters.
If you use it on PHP 8.1.0 or above, you will get a deprecation warning.
htmlspecialchars
The official PHP documentation recommends htmlspecialchars instead of FILTER_SANITIZE_STRING.
Let’s take a look at some examples:
$string_1 = htmlspecialchars("<h2>some heading</h2>", ENT_QUOTES);
// &lt;h2&gt;some heading&lt;/h2&gt;
$string_2 = html_entity_decode($string_1); // <h2>some heading</h2>
$string_3 = "<h2>some heading</h2>";
filter_var($string_3, FILTER_SANITIZE_STRING); // some heading (tags are stripped; deprecated as of PHP 8.1.0)
So if you want to sanitize a string and remove or encode HTML characters, use htmlspecialchars.
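The two functions are not drop-in equivalents: htmlspecialchars keeps the text and encodes it, while the old filter removed anything that looked like a tag. The script below is an added example, not code from the original post or the PHP documentation; the helper names e() and legacy_sanitize_string() and the sample inputs are assumptions made for illustration, and the second helper only approximates the deprecated filter's default behaviour.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical output-encoding helper (name is an assumption).
 * Call it at the point where a value is written into HTML text
 * or into a quoted attribute value.
 */
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and ", so the result is safe in
    // single- and double-quoted attributes. ENT_SUBSTITUTE replaces
    // invalid byte sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Hypothetical approximation of what FILTER_SANITIZE_STRING did by
 * default: drop NUL bytes and anything that looks like a tag, then
 * encode quotes. Shown for comparison during a migration only.
 */
function legacy_sanitize_string(string $value): string
{
    // Removes "<...>" spans, including an unterminated "<..." at the end.
    $stripped = preg_replace('/\x00|<[^>]*>?/', '', $value) ?? '';
    return str_replace(["'", '"'], ['&#39;', '&#34;'], $stripped);
}

// Constructed sample inputs.
$samples = [
    '<h2>some heading</h2>',        // markup: encoded vs. removed
    'Tom & Jerry\'s "quote"',       // ampersand and both quote types
    'price < 10 and > 5',           // plain text that merely contains < and >
];

foreach ($samples as $input) {
    printf(
        "input:   %s\nencoded: %s\nlegacy:  %s\n\n",
        $input,
        e($input),
        legacy_sanitize_string($input)
    );
}
```

Run it with the PHP CLI and compare the "encoded" and "legacy" lines: the third sample shows the stripping approach silently deleting legitimate text between `<` and `>`, and the second shows that it leaves `&` unencoded.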
Further reading:
PHP official docs