string to md5 hash in class using FILTER_SANITIZE_STRING

Question

Question: Why don't these match on output?

So I have been tracking down an issue that is causing me a lot of headache I can't figure out what is causing issues with passing a shortened version of MD5 hash that is sanatized with FILTER_SANITIZE_STRING

I know it seems strange that I sanitize a md5 hash but this class is not only used in this manner and I am trying to avoid making multiple methods to do the same thing.

class test {
public function select($match,$debug) {
        $match1 = filter_var($match, FILTER_SANITIZE_STRING);
        if ($debug == '1') {
            var_dump($match,$match1);
        }

}
}

$title = "April 2013"; // Example Title
$currentHUID = substr(md5($title), 0, 12); // Convert string to UID not for encryption just comparison first 12 char of MD5 Hash

$test = new test();
$test->select("'$currentHUID'",'1');

RESULTS: string(14) "'8860d4398c9b'" string(22) "'8860d4398c9b'"

Answer 1

You are sending single quotes with your value and these get encoded.

If you use:

$match1 = filter_var($match, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

The result will be the same as the input.

Example.

Also see the manual.