Posted By

sadus on 11/06/10


Tagged

php data String clean sanitization



data sanitization


 / Published in: PHP
 

  // Sanitize and validate $string according to $type.
  // Returns the cleaned value, false when validation fails, or 0 for an unknown type.
  function clean($string, $type) {
      switch ($type) {
          case "int":
              return filter_var(filter_var($string, FILTER_SANITIZE_NUMBER_INT), FILTER_VALIDATE_INT);
          case "string":
              // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
              return filter_var($string, FILTER_SANITIZE_STRING);
          case "sql":
              // mysql_real_escape_string() needs an open ext/mysql connection;
              // that extension was removed in PHP 7.0.
              return mysql_real_escape_string($string);
          case "email":
              return filter_var(filter_var($string, FILTER_SANITIZE_EMAIL), FILTER_VALIDATE_EMAIL);
          case "url":
              return filter_var(filter_var($string, FILTER_SANITIZE_URL), FILTER_VALIDATE_URL);
          case "ip":
              // PHP defines no FILTER_SANITIZE_IP constant; validation alone is enough here.
              return filter_var($string, FILTER_VALIDATE_IP);
          default:
              return 0;
      }
  }


Comments

Posted By: sadus on November 6, 2010

Usage is pretty straightforward:

Email: clean($_POST['email'], "email");

URL: clean($_POST['url'], "url");

Posted By: mikael12 on November 7, 2010

Thx. URL has missing _var

Posted By: sadus on November 12, 2010

thanks, fixed

Posted By: adkatrit on February 17, 2011

Note: mysql_real_escape_string() does not escape % and _. These are wildcards in MySQL if combined with LIKE, GRANT, or REVOKE.
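The comment above about % and _ applies to bound parameters as well as to escaped strings. As an added example (not the snippet author's code), this shows a LIKE search that over-matches until the wildcards are escaped; `escape_like()`, `find_by_prefix()`, the `coupons` table and its rows are hypothetical names and constructed data.

```php
<?php
// Added example, not part of the original snippet. All names and rows are constructed.

// Escape LIKE metacharacters so user input matches literally.
// '!' is paired with an explicit ESCAPE clause, so the SQL behaves the same on
// MySQL (whose default LIKE escape character is the backslash) and on SQLite.
function escape_like(string $value, string $escape = '!'): string
{
    // The escape character itself is handled first, then the two wildcards.
    return str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $value
    );
}

// Prefix search with a bound parameter; $escapeWildcards toggles the fix.
function find_by_prefix(PDO $pdo, string $input, bool $escapeWildcards): array
{
    $term = $escapeWildcards ? escape_like($input) : $input;
    $stmt = $pdo->prepare("SELECT code FROM coupons WHERE code LIKE ? ESCAPE '!' ORDER BY code");
    $stmt->execute([$term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In-memory SQLite keeps the demo offline; it requires the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE coupons (code TEXT)');
$insert = $pdo->prepare('INSERT INTO coupons (code) VALUES (?)');
foreach (['50%_OFF', '50XYOFF', 'SUMMER'] as $code) {
    $insert->execute([$code]);
}

$input = '50%_'; // the user means these four literal characters

// Bound but unescaped: '%' and '_' still act as wildcards inside LIKE.
var_export(find_by_prefix($pdo, $input, false));
echo PHP_EOL;
// Escaped: only the row that really starts with "50%_" matches.
var_export(find_by_prefix($pdo, $input, true));
echo PHP_EOL;
```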
