fun@fun.com';
// Syntax check only: FILTER_VALIDATE_EMAIL says the string is shaped like an
// address, not that the mailbox exists or that the value is safe to embed.
// A value that passes still needs context-specific encoding before it is
// written into HTML or SQL; it is echoed raw here only because it is a
// hard-coded constant.
$val = 'fun@fun.com';
$verdict = filter_var($val, FILTER_VALIDATE_EMAIL) ? 'passes' : 'does not pass';
echo "$val $verdict as valid email";
// Separator between the demo sections.
echo "
\n";
// NOTE(review): the sample assigned here is empty, presumably because markup
// was stripped when the page was extracted. Any string containing <, >, & or
// quotes will show the difference between the two echoes below.
$evil = '';
// Printed without encoding on purpose, as the "before" half of the demo.
// Production code must never echo untrusted input this way.
echo 'Here is the evil code : ' . $evil . "\n";
echo "
\n";
// Output encoding for an HTML context: ENT_QUOTES converts both single and
// double quotes, so the result is also safe inside a quoted attribute value.
// Without ENT_SUBSTITUTE, input that is not valid UTF-8 yields an empty
// string rather than a partially encoded one.
$good = htmlspecialchars($evil, ENT_QUOTES, 'UTF-8');
// Alternative with the same effect:
// $good = filter_var($evil, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
echo 'Here is the evil code made safe: ' . $good . "\n";
// Sample form value containing an apostrophe, the character that closes a
// SQL string literal.
$formval = "Here's the deal";
// Unsafe construction: the value is spliced into the statement text, so the
// apostrophe ends the literal early and the rest is parsed as SQL.
$query = sprintf("INSERT INTO fun VALUES('%s')", $formval);
echo "Here is the query: $query
\n";
// Escaping keeps the apostrophe inside the literal. Caveats:
//  - calling pg_escape_string() without a connection argument uses the
//    default connection and is deprecated as of PHP 8.1; pass the connection
//    explicitly so escaping matches that connection's encoding;
//  - escaping is the fallback. Prefer pg_query_params() or pg_prepare() with
//    $1 placeholders, so the value is never part of the SQL text at all.
$cleanformval = pg_escape_string($formval);
$cleanquery = sprintf("INSERT INTO fun VALUES('%s')", $cleanformval);
echo "Here is the clean query: $cleanquery
\n";