views: 1329
answers: 5

Can someone recommend an up-to-date library for data sanitization in PHP?

I am looking for a library that provides a set of functions for data sanitization: email validation/sanitization (removing those %0A, \r, ...), stripping HTML (stripslashes(htmlentities(...))), removing script, SQL injection ... any form of exploit related to data submitted by users.

CakePHP's sanitization class (not the "framework" itself) looks nice?

+4  A: 

Check out PHP Filter

Mike Curry
Or directly the official manual entry of PHP's Data Filtering: http://www.php.net/filter
Török Gábor
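Worked example of the PHP filter extension recommended above (added here; it is not code from the question or any answer). It validates the three inputs the question worries about: an e-mail address that might carry a CR/LF header-injection payload, a numeric id, and a URL. The sample inputs and the field names (`email`, `age`, `homepage`) are constructed for the demo.

```php
<?php
// Added example using ext/filter (https://www.php.net/filter).
// Sample inputs below are constructed for illustration.

declare(strict_types=1);

/**
 * Validate an e-mail address before it goes anywhere near a mail header.
 * FILTER_VALIDATE_EMAIL rejects whitespace and control characters, so a
 * "%0A" / "\r\n" followed by "Bcc:" never passes; it returns false instead
 * of trying to "clean" the address.
 */
function validateEmail(string $raw): ?string
{
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/**
 * Validate an integer id in a range. "42abc" is rejected outright rather
 * than being truncated to 42 as (int) casting would do.
 */
function validateId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => PHP_INT_MAX],
    ]);
    return $id === false ? null : $id;
}

/**
 * Validate an absolute http(s) URL, e.g. for a redirect target.
 * FILTER_VALIDATE_URL also accepts other schemes (ftp://host/, mailto:,
 * file:), so the scheme is whitelisted explicitly.
 */
function validateHttpUrl(string $raw): ?string
{
    $url = filter_var($raw, FILTER_VALIDATE_URL);
    if ($url === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/**
 * Whole-form validation: keys not in the definition are dropped, missing
 * keys come back as null and invalid values as false, so the caller can
 * tell "absent" from "rejected".
 */
function filterRegistration(array $post): array|false
{
    return filter_var_array($post, [
        'email'    => FILTER_VALIDATE_EMAIL,
        'age'      => ['filter'  => FILTER_VALIDATE_INT,
                       'options' => ['min_range' => 13, 'max_range' => 120]],
        'homepage' => FILTER_VALIDATE_URL,
    ], true);
}

// --- demo (constructed input, simulating $_POST) -------------------------
$samples = [
    'user@example.com',
    "user@example.com\r\nBcc: everyone@example.org",   // header injection
    "user@example.com%0ABcc: everyone@example.org",    // still raw '%0A'
];
foreach ($samples as $s) {
    printf("email %-48s -> %s\n", json_encode($s), var_export(validateEmail($s), true));
}
foreach (['42', '42abc', '-1'] as $s) {
    printf("id    %-10s -> %s\n", $s, var_export(validateId($s), true));
}
foreach (['https://example.com/x?y=1', 'ftp://example.com/', 'not a url'] as $s) {
    printf("url   %-28s -> %s\n", $s, var_export(validateHttpUrl($s), true));
}
print_r(filterRegistration([
    'email'    => 'user@example.com',
    'age'      => '7',          // out of range -> false
    'homepage' => 'https://example.com',
    'extra'    => 'ignored',    // not in definition -> dropped
]));
```

Note that the `FILTER_VALIDATE_*` filters reject bad input rather than rewriting it; that is the safer default, since a "sanitized" value that differs from what the user sent is easy to misinterpret downstream. The `FILTER_SANITIZE_*` family exists too, but `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1.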
A: 

CakePHP is a framework, not a sanitization library.

It's probably easier to just write your own sanitization functions.

Joe Philllips
I was only going to use the sanitize.php file.
Fair enough, I didn't follow the link.
Joe Philllips
A: 

Zend Filter, Zend Filter Input and Zend_Validate

karim79
A: 

There is no such thing as data sanitization. Data isn't dangerous in itself; it's the context in which it's used that makes it safe or unsafe. That means that it is pointless to try and validate/sanitize data on entry. Instead, you should escape it properly on output. See also my answer here.

troelskn
If you need to allow markup in input, but you don't want xss attacks, then it's not "pointless" to validate/sanitize data on entry. Why would you store dangerous input?
rick
I consider that an edge case and I'd use HtmlPurifier for that.
troelskn
A: 

For filtering out XSS attacks when you need to preserve HTML markup: HTMLPurifier

If you don't need to keep HTML markup, you can use htmlspecialchars or htmlentities

rick
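Worked example for the last two answers (added here; not code from the thread). It takes one untrusted string and escapes it differently for each output context, which is troelskn's point, and uses `htmlspecialchars` with the flags rick's answer leaves implicit. The SQL part uses an in-memory SQLite database through PDO so it runs offline; the table name, column names and the input string are constructed for the demo. The `cleanMarkup` helper shows HTMLPurifier's documented `HTMLPurifier_Config` / `purify()` usage for the keep-the-markup case and is guarded so the script still runs when the library is not installed.

```php
<?php
// Added example: context-specific output escaping in PHP.
// The input string and the "users" table are constructed for the demo.

declare(strict_types=1);

// HTML text node or attribute value (attributes must be quoted in the template).
function escHtml(string $s): string
{
    // ENT_QUOTES: escape both ' and " so the value is safe in either quote style.
    // ENT_SUBSTITUTE: replace invalid UTF-8 instead of returning "" silently.
    // Always pass the charset; relying on the default has bitten older PHP versions.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Value inside a URL query string.
function escUrlParam(string $s): string
{
    return rawurlencode($s);
}

// Value embedded in inline JavaScript: emit a JSON string literal and
// hex-escape < > & ' " so "</script>" cannot close the script block.
function escJs(string $s): string
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// SQL: the value is bound as a parameter and never spliced into the query text,
// so there is nothing to escape and nothing to "sanitize" on the way in.
function findUserByName(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// rick's case: the user is allowed to submit markup, so escaping would destroy it.
// A whitelist parser such as HTMLPurifier is the tool here; returns null if the
// library is not autoloadable so the demo still runs without it.
function cleanMarkup(string $html): ?string
{
    if (!class_exists('HTMLPurifier')) {
        return null;
    }
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,b,i,a[href]');
    return (new HTMLPurifier($config))->purify($html);
}

// --- demo -----------------------------------------------------------------
$input = "O'Brien\" <script>alert(1)</script> & co?x=1"; // constructed hostile input

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->prepare('INSERT INTO users (name) VALUES (:name)')->execute([':name' => $input]);

printf("raw   : %s\n", $input);
printf("HTML  : <span title=\"%s\">%s</span>\n", escHtml($input), escHtml($input));
printf("URL   : /search?q=%s\n", escUrlParam($input));
printf("JS    : <script>var q = %s;</script>\n", escJs($input));
printf("SQL   : %d row(s) found for the unmodified string\n", count(findUserByName($db, $input)));
printf("markup: %s\n", cleanMarkup('<p onclick="x()">hi <b>there</b></p>') ?? '(HTMLPurifier not installed)');
```

On `htmlentities` versus `htmlspecialchars`: both escape `& < > " '` (the last only with `ENT_QUOTES`); `htmlentities` additionally rewrites every character that has a named entity, which is unnecessary once the page is served as UTF-8. What matters for XSS is the quote flag and the charset argument, not which of the two is called.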