Data Sanitization in PHP

views:

1329

answers:

Data Sanitization in PHP

Can someone recommend an up to date library for data Sanitization in PHP ?

I am looking for a library that proposes a set of functions for data sanitization. Email validation/sanitization (remove those %0A, \r...), strip htlm (stripslashes(htmlentities), remove script, SQL injection … any form of exploit related to data submitted by users.

CakePHP sanitization class (not the "framework") looks nice.. ?

+4 A:

Check out PHP Filter

Mike Curry 2009-05-08 18:27:04

Or directly the official manual entry of PHP's Data Filtering: http://www.php.net/filter

Török Gábor 2009-05-08 18:29:03

CakePHP is a framework, not a sanitation library.

It's probably easier to just write your own sanitization functions.

Joe Philllips 2009-05-08 18:27:42

I was only going to use the sanitize.php file.

2009-05-08 18:30:25

Fair enough, I didn't follow the link.

Joe Philllips 2009-05-08 18:33:15

Zend Filter, Zend Filter Input and Zend_Validate

karim79 2009-05-08 18:28:17

There is no such thing as data sanitization. Data isn't dangerous on it self - it's the context in which it's used, that makes it safe or unsafe. That means that it is pointless to try and validate/sanitize data on entry. Instead, your should escape it properly on output. See also my answer here.

troelskn 2009-05-08 18:39:07

If you need to allow markup in input, but you don't want xss attacks, then it's not "pointless" to validate/sanitize data on entry. Why would you store dangerous input?

rick 2009-05-08 19:58:37

I consider that an edge case and I'd use HtmlPurifier for that.

troelskn 2009-05-08 21:59:46

For filtering out xss attacks when you need to preserve html markup: htmlpurifier

If you don't need to keep html markup, you can use htmlspecialchars or htmlentities

rick 2009-05-08 20:03:08

ansaurus

tags:

views:

answers:

Data Sanitization in PHP

related questions