Sanitize Function

[AndyXS]

I have not used filters or sanitize before so am I on the right lines with this...

// Sanitize Bad URLS
function sanitize_url($string)
{
$string = filter_var($string, FILTER_SANITIZE_URL);
return $string;
}

// Sanitize Bad Email Addresses
function sanitize_email($string)
{
$string = filter_var($string, FILTER_SANITIZE_EMAIL);
return $string;	
}

// Sanitize Bad Integer
function sanitize_int($string)
{
$string = filter_var($string, FILTER_SANITIZE_NUMBER_INT);
return $string;
}

 

 

For example if $_POST['email'] is set to john`/\'@smit&*^%$£!h.com

Then I run $email = sanitize_email($_POST['email']);, would this return the email [email protected].

 

I have here email, integer, url.

How do I do a general string for example "Name" or "Address" ?

[salathe]

The email filter will only remove the forward- and backslash characters* from that address. All it does is remove disallowed characters from the string, it makes no attempt to validate it (which can be done with FILTER_VALIDATE_EMAIL). Characters that will not get deleted by the sanitizing filter are a-zA-Z0-9"!#$%&'*+-=?^_`{|}~@.[]

 

* the forward slash / was only disallowed very recently so is likely to be allowed by your version of PHP.

 

As for "Name" or "Address" there is no universal pattern to those, it is up to you to decide what you want to allow for those types of values.

 

[cags]

Just remember apostrophe IS a valid character in a name, and most people use the single quote key rather than the apostrophe key when typing. Just thought I'd mention that because with an apostrophe in my surname this is a major pet peeve.