
You've been downvoted but I completely agree. You cannot sanitize text for all possible situations; you can only escape it depending on the output format (database, html, etc).

These functions should be used to "validate" input rather than "filter" it.



I absolutely hate how, for example, phpBB creates garbled bbcode in the database because they thought that they should filter it or something, instead of doing it on output. Now every consumer of the data has to unfuck the content, because they messed up.
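The point both comments make, as an added example that is not part of the thread: the same text is stored once after input-time HTML filtering and once raw after validation, then rendered for an HTML page and a JSON consumer. The table name, function names and sample string are assumptions constructed for illustration.

```python
import html
import json
import sqlite3

RAW = "Tom & Jerry's <b>tips</b>"  # constructed sample input

def filter_on_input(text):
    # The pattern criticized above: HTML-escape once at input, store the result.
    return html.escape(text, quote=True)

def validate(text, max_len=2000):
    # Validation accepts or rejects; it never rewrites the user's text.
    if not text.strip() or len(text) > max_len:
        raise ValueError("comment empty or too long")
    if any(ord(c) < 32 and c not in "\n\t" for c in text):
        raise ValueError("control characters not allowed")
    return text

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    return conn

def store(conn, text):
    # Database context: bound parameter, so the stored value stays raw.
    return conn.execute("INSERT INTO comments (body) VALUES (?)", (text,)).lastrowid

def load(conn, row_id):
    return conn.execute("SELECT body FROM comments WHERE id = ?", (row_id,)).fetchone()[0]

def render_html(text):
    return "<p>" + html.escape(text, quote=True) + "</p>"

def render_json(text):
    return json.dumps({"body": text})

def demo():
    conn = new_db()
    filtered = load(conn, store(conn, filter_on_input(RAW)))
    raw = load(conn, store(conn, validate(RAW)))
    return {
        "filtered_html": render_html(filtered),  # escaped twice: shows "&amp;"
        "filtered_json": render_json(filtered),  # API client receives HTML entities
        "raw_html": render_html(raw),            # escaped once, at output
        "raw_json": render_json(raw),            # original text, JSON-encoded
    }

if __name__ == "__main__":
    print(demo())
```

The filtered row cannot be rendered correctly by either consumer without first undoing the HTML escaping, while the raw row is encoded exactly once for each output format.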



