Paul

On Tue, Sep 18, 2012 at 7:32 AM, Paul Dragoonis <dragoo...@gmail.com> wrote:
> Hi Paddy,
>
> Couldn't this just be a new option for the filter_var() function?
>
> $clean = filter_var($_POST['someVar'], XSS_CLEAN);
>
> - Paul.

Not without losing significant semantic meaning. There's a huge difference between filtering and escaping. Remember, Filter In, Escape Out. If you really wanted something like that, then perhaps add an escape_var extension. But I think the proposed API is better as it's more explicit.

Anthony
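The "Filter In, Escape Out" distinction from the reply above, as an added example that is not code from this thread or from the proposed API: the input is validated once with `filter_var()`, stored unmodified, and escaped separately for each output context. The helper names (`filter_display_name`, `escape_html`, `escape_url`, `escape_js`), the 64-character rule and the sample value are assumptions made for illustration.

```php
<?php
// Constructed sample standing in for $_POST['someVar'].
$raw = "O'Reilly <b>& Sons</b>";

// FILTER IN: decide whether the value is acceptable for this field at all.
// Assumed rule: 1-64 bytes, no control characters. Nothing is encoded here,
// because at input time the eventual output context is not yet known.
function filter_display_name(string $value): ?string
{
    $ok = filter_var($value, FILTER_VALIDATE_REGEXP, [
        'options' => ['regexp' => '/\A[^\x00-\x1F\x7F]{1,64}\z/'],
    ]);
    return $ok === false ? null : $ok;
}

// ESCAPE OUT: one explicit function per output context (hypothetical names).
function escape_html(string $v): string
{
    // HTML body and quoted attribute values.
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function escape_url(string $v): string
{
    // A single query-string or path component.
    return rawurlencode($v);
}

function escape_js(string $v): string
{
    // A JavaScript string literal placed inside an inline <script> block.
    return json_encode(
        $v,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

$name = filter_display_name($raw);
if ($name === null) {
    http_response_code(400);
    exit("invalid display name\n");
}

// The same stored value needs three different encodings on the way out,
// which a single input-time "clean" flag could not choose between.
echo '<p>', escape_html($name), "</p>\n";
echo '<a href="/search?q=', escape_url($name), '">search</a>', "\n";
echo '<script>var name = ', escape_js($name), ";</script>\n";
```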