Data Sanitization in PHP [closed]

混江龙づ霸主 submitted on 2019-12-04 05:40:18

Check out PHP Filter

vivek salve
$firstName = $_POST['fname'];
$new_string = filter_var($firstName, FILTER_SANITIZE_STRING);
echo $new_string;

CakePHP is a framework, not a sanitation library.

It's probably easier to just write your own sanitization functions.

troelskn

There is no such thing as data sanitization. Data isn't dangerous in itself - it's the context in which it's used that makes it safe or unsafe. That means that it is pointless to try and validate/sanitize data on entry. Instead, you should escape it properly on output. See also my answer here.

For filtering out XSS attacks when you need to preserve HTML markup: HTML Purifier

If you don't need to keep HTML markup, you can use htmlspecialchars or htmlentities.
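
The answers above say to escape on output, according to the context the data is used in. The following is an added example, not code from any of the posters: it takes one constructed input value and prepares it for HTML, URL, inline script and SQL contexts. The helper names, the `people` table and the use of the pdo_sqlite extension (PHP 7.3 or later) are assumptions made for illustration.

```php
<?php
// One untrusted value, escaped differently for each output context.
// $input is a constructed sample; in a real handler it would come from $_POST['fname'].
$input = "O'Reilly <script>alert(1)</script> & \"friends\"";

// HTML text and quoted attribute values: encode &, <, > and both quote styles.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL component (query value or path segment): percent-encode per RFC 3986.
function url_part(string $s): string
{
    return rawurlencode($s);
}

// Data inside an inline <script>: JSON-encode with hex escapes so the value
// can neither close the script element nor break out of the string literal.
function js(string $s): string
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// SQL: nothing is escaped; the value travels separately as a bound parameter.
// Assumes pdo_sqlite is available; the table is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (fname TEXT)');
$db->prepare('INSERT INTO people (fname) VALUES (?)')->execute([$input]);
$stored = $db->query('SELECT fname FROM people')->fetchColumn();

// The stored value is byte-for-byte the input: nothing was altered on entry.
if ($stored !== $input) {
    throw new RuntimeException('stored value differs from input');
}

// Each sink gets the escaper that matches its own context.
echo '<p>Hello, ', html($stored), "</p>\n";
echo '<input name="fname" value="', html($stored), "\">\n";
echo '<a href="/search?q=', url_part($stored), "\">search</a>\n";
echo '<script>const fname = ', js($stored), ";</script>\n";
```

Running it prints four lines in which the same stored string appears in four different encodings, which is why a single sanitize-on-input pass cannot cover every sink.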
