fun@fun.com';
$val = 'fun@fun.com';

// Input validation: FILTER_VALIDATE_EMAIL hands back the value on success and false otherwise,
// so a truthiness check is enough to branch on. Validation only decides accept/reject here;
// it does not make $val safe for any particular output context.
$emailIsValid = (bool) filter_var($val, FILTER_VALIDATE_EMAIL);
echo $emailIsValid
    ? "$val passes as valid email"
    : "$val does not pass as valid email";
echo "
\n";

// NOTE(review): $evil is empty on this page; the demonstration payload looks like it was lost
// in extraction — confirm against the original listing.
$evil = '';
echo "Here is the evil code : $evil\n";
echo "
\n";

// Output escaping for an HTML context. ENT_QUOTES converts both ' and " so the result is also
// safe inside an attribute value; the charset is passed explicitly rather than relying on the
// ini default. filter_var($evil, FILTER_SANITIZE_FULL_SPECIAL_CHARS) is the filter-extension
// route to the same result. Escaping is per context — this output is for HTML only.
$good = htmlspecialchars($evil, ENT_QUOTES, 'UTF-8');
echo "Here is the evil code made safe: $good\n";

// The apostrophe in the value closes the SQL string literal when interpolated directly.
$formval = "Here's the deal";
$query = "INSERT INTO fun VALUES('$formval')";
echo "Here is the query: $query
\n";

// pg_escape_string() doubles the single quote so the literal stays intact. It is the
// fallback for string-built SQL; pg_query_params() or a PDO prepared statement keeps the
// data out of the statement text altogether and is the preferred form.
// NOTE(review): called without a connection handle — PHP 8.1+ deprecates relying on the
// default connection, and no connection is opened in this listing.
$cleanformval = pg_escape_string($formval);
$cleanquery = "INSERT INTO fun VALUES('$cleanformval')";
echo "Here is the clean query: $cleanquery
\n";