Posted By

sadus on 11/06/10

Tagged

php data String clean sanitization

Versions (?)

Who likes this?

3 people have marked this snippet as a favorite

pytheas
mikael12
vehler

data sanitization

/ Published in: PHP

Expand | Embed | Plain Text

function clean($string,$type){
        switch ($type){
            case "int":
                return filter_var(filter_var($string, FILTER_SANITIZE_NUMBER_INT), FILTER_VALIDATE_INT);
            case "string":
                return filter_var($string, FILTER_SANITIZE_STRING);
            case "sql":
                return mysql_real_escape_string($string);
                break;
            case "email":
                return filter_var(filter_var($string, FILTER_SANITIZE_EMAIL), FILTER_VALIDATE_EMAIL);
                break;
            case "url":
                return filter_var(filter_var($string, FILTER_SANITIZE_URL), FILTER_VALIDATE_URL);
                break;
            case "ip":
                return filter_var(filter_var($string, FILTER_SANITIZE_IP), FILTER_VALIDATE_IP);
                break;
            default:
                return 0;
                break;
        }
    }

Report this snippet Tweet

Comments

Subscribe to comments

Posted By: sadus on November 6, 2010

Usage is pretty straight forward:

Email: clean($_POST['email'], EMAIL);

URL: clean($_POST['url'], URL);

Posted By: mikael12 on November 7, 2010

Thx. URL has missing _var

Posted By: sadus on November 12, 2010

thanks, fixed

Posted By: adkatrit on February 17, 2011

Note: mysqlrealescape_string() does not escape % and _. These are wildcards in MySQL if combined with LIKE, GRANT, or REVOKE.

Comment:

You need to login to post a comment.