You can use it like this for filtering
<?php
$badSearchInput = 'Domain\username';
$escapedSearchInput = ldap_escape($badSearchInput, null, LDAP_ESCAPE_FILTER);
?>
(PHP 5 >= 5.6.0, PHP 7)
ldap_escape — Escape a string for use in an LDAP filter or DN
$value
[, string $ignore = ""
[, int $flags = 0
]] ) : string
Escapes value for use in the context implied by
flags.
valueThe value to escape.
ignoreCharacters to ignore when escaping.
flags
The context the escaped string will be used in:
LDAP_ESCAPE_FILTER for filters to be used with
ldap_search(), or
LDAP_ESCAPE_DN for DNs.
If neither flag is passed, all chars are escaped.
Returns the escaped string.
When building an LDAP filter, you should use ldap_escape with LDAP_ESCAPE_FILTER flag.
Example #1 Searching for an email address
<?php
// $ds is a valid link identifier for a directory server
// $mail is an email address provided by the user in a form
$base = "o=My Company, c=US";
$filter = "(mail=".ldap_escape($mail, "", LDAP_ESCAPE_FILTER).")";
$sr = ldap_search($ds, $base, $filter, array("sn", "givenname", "mail"));
$info = ldap_get_entries($ds, $sr);
echo $info["count"]." entries returned\n";
?>
You can use it like this for filtering
<?php
$badSearchInput = 'Domain\username';
$escapedSearchInput = ldap_escape($badSearchInput, null, LDAP_ESCAPE_FILTER);
?>