Jump to content

Sanitize Function


AndyXS

Recommended Posts

I have not used filters or sanitize before so am I on the right lines with this...

// Sanitize Bad URLS
function sanitize_url($string)
{
$string = filter_var($string, FILTER_SANITIZE_URL);
return $string;
}

// Sanitize Bad Email Addresses
function sanitize_email($string)
{
$string = filter_var($string, FILTER_SANITIZE_EMAIL);
return $string;	
}

// Sanitize Bad Integer
function sanitize_int($string)
{
$string = filter_var($string, FILTER_SANITIZE_NUMBER_INT);
return $string;
}

 

 

For example if $_POST['email'] is set to john`/\'@smit&*^%$£!h.com

Then I run $email = sanitize_email($_POST['email']);, would this return the email [email protected].

 

I have here email, integer, url.

How do I do a general string for example "Name" or "Address" ?

Link to comment
https://forums.phpfreaks.com/topic/180034-sanitize-function/
Share on other sites

The email filter will only remove the forward- and backslash characters* from that address. All it does is remove disallowed characters from the string, it makes no attempt to validate it (which can be done with FILTER_VALIDATE_EMAIL). Characters that will not get deleted by the sanitizing filter are a-zA-Z0-9"!#$%&'*+-=?^_`{|}~@.[]

 

* the forward slash / was only disallowed very recently so is likely to be allowed by your version of PHP.

 

As for "Name" or "Address" there is no universal pattern to those, it is up to you to decide what you want to allow for those types of values.

 

Link to comment
https://forums.phpfreaks.com/topic/180034-sanitize-function/#findComment-949823
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.