Posted By

bitstream on 02/11/11


Tagged

sanitize


Versions (?)

Who likes this?

2 people have marked this snippet as a favorite

brownrl
mgerdt


sanitize functions


 / Published in: PHP
 

  1. /*
  2.   Sanitize class
  3.   Copyright (C) 2007 CodeAssembly.com
  4.  
  5.  
  6.   This program is free software: you can redistribute it and/or modify
  7.   it under the terms of the GNU General Public License as published by
  8.   the Free Software Foundation, either version 3 of the License, or
  9.   (at your option) any later version.
  10.  
  11.   This program is distributed in the hope that it will be useful,
  12.   but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14.   GNU General Public License for more details.
  15.  
  16.  
  17.   You should have received a copy of the GNU General Public License
  18.   along with this program. If not, see http://www.gnu.org/licenses/
  19.  
  20. */
  21.  
  22. /**
  23.  * Sanitize only one variable .
  24.  * Returns the variable sanitized according to the desired type or true/false
  25.  * for certain data types if the variable does not correspond to the given data type.
  26.  *
  27.  * NOTE: True/False is returned only for telephone, pin, id_card data types
  28.  *
  29.  * @param mixed The variable itself
  30.  * @param string A string containing the desired variable type
  31.  * @return The sanitized variable or true/false
  32.  */
  33.  
  34. function sanitizeOne($var, $type) {
  35.  
  36. switch ( $type ) {
  37.  
  38. case 'int': // integer
  39. $var = (int) $var;
  40. break;
  41.  
  42. case 'str': // trim string
  43. $var = trim ( $var );
  44. break;
  45.  
  46. case 'nohtml': // trim string, no HTML allowed
  47. $var = htmlentities ( trim ( $var ), ENT_QUOTES );
  48. break;
  49.  
  50. case 'plain': // trim string, no HTML allowed, plain text
  51. $var = htmlentities ( trim ( $var ) , ENT_NOQUOTES ) ;
  52. break;
  53.  
  54. case 'upper_word': // trim string, upper case words
  55. $var = ucwords ( strtolower ( trim ( $var ) ) );
  56. break;
  57.  
  58. case 'ucfirst': // trim string, upper case first word
  59. $var = ucfirst ( strtolower ( trim ( $var ) ) );
  60. break;
  61.  
  62. case 'lower': // trim string, lower case words
  63. $var = strtolower ( trim ( $var ) );
  64. break;
  65.  
  66. case 'urle': // trim string, url encoded
  67. $var = urlencode ( trim ( $var ) );
  68. break;
  69.  
  70. case 'trim_urle': // trim string, url decoded
  71. $var = urldecode ( trim ( $var ) );
  72. break;
  73.  
  74. case 'telephone': // True/False for a telephone number
  75. $size = strlen ($var) ;
  76. for ($x=0;$x<$size;$x++) {
  77. if ( ! ( ( ctype_digit($var[$x] ) || ($var[$x]=='+') || ($var[$x]=='*') || ($var[$x]=='p')) ) ) {
  78. return false;
  79. }
  80. }
  81. return true;
  82. break;
  83.  
  84. case 'sql': // True/False if the given string is SQL injection safe
  85. // insert code here, I usually use ADODB -> qstr() but depending on your needs you can use mysql_real_escape();
  86. break;
  87.  
  88. }
  89. return $var;
  90. }
  91.  
  92.  
  93.  
  94.  
  95.  
  96. /**
  97.  * Sanitize an array.
  98.  *
  99.  * sanitize($_POST, array('id'=>'int', 'name' => 'str'));
  100.  * sanitize($customArray, array('id'=>'int', 'name' => 'str'));
  101.  *
  102.  * @param array $data
  103.  * @param array $whatToKeep
  104.  */
  105.  
  106. function sanitize( &$data, $whatToKeep ) {
  107.  
  108. $data = array_intersect_key( $data, $whatToKeep );
  109. foreach ($data as $key => $value) {
  110. $data[$key] = sanitizeOne( $data[$key] , $whatToKeep[$key] );
  111. }
  112. }

Report this snippet  

You need to login to post a comment.