I am using a javascript date picker that allows the user to select a date. However, I would like to also sanitize the posted date data before entering into the database. I am not seeing any sanitize filter here: http://us2.php.net/manual/en/filter.filters.sanitize.php
What would be the best method to sanitize a date before entering into a database?
This would be the original value from the post:
$datepick = $_POST['date'];
// wich is 04/12/2014
Then I convert it for the database:
$date = date("Y-m-d", strtotime($datepick));
Thanks!
If your date is like "03/02/2014" then you can simply clean your variable by regexp:
$date = preg_replace("([^0-9/])", "", $_POST['date']);
This allows only digits (0-9) and fwd slash (/).
Formatting the date sanitizes it, because:
- If the formatter succeeds, then it will only be a date, with syntax controlled by the format string.
- If it fails, then FALSE is returned.
This is true of:
DateTime::format
DateTimeImmutable::format
DateTimeInterface::format
date_format()
Date($format, $date_string)
This expression can be used to support both 12/12/2016 and 12-12-1993 formats.
filter_var (preg_replace("([^0-9/] | [^0-9-])","",htmlentities($input)));
来源:https://stackoverflow.com/questions/23039207/sanitizing-a-date