1 2 3 4 5
<?php $data = '" onclick="alert('Why it is not blocked?')'; echo filter_var ( $data, FILTER_SANITIZE_STRING);
1 2
Parse error: syntax error, unexpected T_STRING on line 3