Class Sanitize

Data Sanitization.

Removal of non-alphanumeric characters, SQL-safe slash-added strings, HTML-friendly strings, and all of the above on arrays.

Package: Cake\Utility
Deprecated: 3.0.0 Deprecated since version 2.4
Copyright: Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
License: MIT License
Location: Cake/Utility/Sanitize.php

Method Summary

  • clean() public static
    Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value). Valid filters:
  • escape() public static
    Makes a string SQL-safe.
  • html() public static
    Returns given string safe for display as HTML. Renders entities.
  • paranoid() public static
    Removes any non-alphanumeric characters.
  • stripAll() public static
    Strips extra whitespace, images, scripts and stylesheets from output
  • stripImages() public static
    Strips image tags from output
  • stripScripts() public static
    Strips scripts and stylesheets from output
  • stripTags() public static
    Strips the specified tags from output. First parameter is string from where to remove tags. All subsequent parameters are tags.
  • stripWhitespace() public static
    Strips extra whitespace from output

Method Detail

clean() public static

clean( string|array $data , string|array $options = array() )

Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value). Valid filters:

  • odd_spaces - removes any non-space whitespace characters
  • encode - Encode any html entities. Encode must be true for the remove_html to work.
  • dollar - Escape $ with \$
  • carriage - Remove \r
  • unicode -
  • escape - Should the string be SQL escaped.
  • backslash -
  • remove_html - Strip HTML with strip_tags. encode must be true for this option to work.

Parameters

string|array $data
Data to sanitize
string|array $options optional array()
If string, DB connection being used, otherwise set of options

Returns

mixed
Sanitized data

escape() public static

escape( string $string , string $connection = 'default' )

Makes a string SQL-safe.

Parameters

string $string
String to sanitize
string $connection optional 'default'
Database connection being used

Returns

string
SQL safe string

html() public static

html( string $string , array $options = array() )

Returns given string safe for display as HTML. Renders entities.

strip_tags() does not validate HTML syntax or structure, so it might strip whole passages with broken HTML.

Options:

  • remove (boolean) if true strips all HTML tags before encoding
  • charset (string) the charset used to encode the string
  • quotes (int) see http://php.net/manual/en/function.htmlentities.php
  • double (boolean) double encode html entities

Parameters

string $string
String from where to strip tags
array $options optional array()
Array of options to use.

Returns

string
Sanitized string
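
The effect of the options above, including the strip_tags() caveat, as an added example that is not CakePHP's own code: `html_like_sanitize()` is a hypothetical stand-in built from PHP's `strip_tags()` and `htmlentities()`, its defaults are assumptions, and all sample inputs are constructed.

```php
<?php
// Added illustration: approximates the documented html() options with
// plain PHP built-ins. Not CakePHP source; the defaults are assumptions.
function html_like_sanitize(string $string, array $options = []): string
{
    $options += [
        'remove'  => false,       // strip all tags before encoding
        'charset' => 'UTF-8',     // assumed default charset
        'quotes'  => ENT_QUOTES,  // assumed default: encode both ' and "
        'double'  => true,        // encode entities that are already encoded
    ];
    if ($options['remove']) {
        // strip_tags() does no HTML validation: a "<" followed by a
        // non-space character opens a "tag" that runs until the next ">",
        // or to the end of the string when none follows.
        $string = strip_tags($string);
    }
    return htmlentities($string, $options['quotes'], $options['charset'], $options['double']);
}

// Constructed sample inputs.
$samples = [
    'markup'       => '<b class="x">Tom & "Jerry"</b>',
    'broken html'  => 'Stock <5 units, reorder today',
    'prior entity' => 'Fish &amp; chips',
];

foreach ($samples as $label => $input) {
    printf("%s\n  input        : %s\n", $label, $input);
    printf("  encode only  : %s\n", html_like_sanitize($input));
    printf("  remove=true  : %s\n", html_like_sanitize($input, ['remove' => true]));
    printf("  double=false : %s\n\n", html_like_sanitize($input, ['double' => false]));
}

// Attribute context: with ENT_NOQUOTES the double quote survives encoding,
// so the value can end the attribute it is written into; ENT_QUOTES
// encodes both quote characters and keeps the value inside the attribute.
$attr = '5" data-x="1';
printf("ENT_NOQUOTES: <input value=\"%s\">\n", html_like_sanitize($attr, ['quotes' => ENT_NOQUOTES]));
printf("ENT_QUOTES  : <input value=\"%s\">\n", html_like_sanitize($attr, ['quotes' => ENT_QUOTES]));
```

The "broken html" sample loses everything after the unmatched `<` when `remove` is true, which is the data-loss case the strip_tags() note describes.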

paranoid() public static

paranoid( string $string , array $allowed = array() )

Removes any non-alphanumeric characters.

Parameters

string $string
String to sanitize
array $allowed optional array()
An array of additional characters that are not to be removed.

Returns

string
Sanitized string

stripAll() public static

stripAll( string $str )

Strips extra whitespace, images, scripts and stylesheets from output

Parameters

string $str
String to sanitize

Returns

string
Sanitized string

stripImages() public static

stripImages( string $str )

Strips image tags from output

Parameters

string $str
String to sanitize

Returns

string
String with images stripped.

stripScripts() public static

stripScripts( string $str )

Strips scripts and stylesheets from output

Parameters

string $str
String to sanitize

Returns

string
String with , ,

© 2005–2017 The Cake Software Foundation, Inc.
Licensed under the MIT License.
https://api.cakephp.org/2.10/class-Sanitize.html