Class Sanitize
Data Sanitization.
Removal of non-alphanumeric characters, SQL-safe slash-added strings, HTML-friendly strings, and all of the above on arrays.
Deprecated: 3.0.0 Deprecated since version 2.4
Copyright: Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
License: MIT License
Location: Cake/Utility/Sanitize.php
Method Summary
- clean() - Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value).
- escape() - Makes a string SQL-safe.
- html() - Returns given string safe for display as HTML. Renders entities.
- paranoid() - Removes any non-alphanumeric characters.
- stripAll() - Strips extra whitespace, images, scripts and stylesheets from output
- stripImages() - Strips image tags from output
- stripScripts() - Strips scripts and stylesheets from output
- stripTags() - Strips the specified tags from output. First parameter is string from where to remove tags. All subsequent parameters are tags.
- stripWhitespace() - Strips extra whitespace from output
Method Detail
clean() public static
clean( string|array $data , string|array $options = array() )
Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value). Valid filters:
- odd_spaces - removes any non-space whitespace characters
- encode - Encode any html entities. Encode must be true for the remove_html to work.
- dollar - Escape $ with \$
- carriage - Remove \r
- unicode -
- escape - Should the string be SQL escaped.
- backslash -
- remove_html - Strip HTML with strip_tags. encode must be true for this option to work.
Parameters
- string|array $data - Data to sanitize
- string|array $options optional array() - If string, DB connection being used, otherwise set of options
Returns
mixed - Sanitized data
escape() public static
escape( string $string , string $connection = 'default' )
Makes a string SQL-safe.
Parameters
- string $string - String to sanitize
- string $connection optional 'default' - Database connection being used
Returns
string - SQL safe string
html() public static
html( string $string , array $options = array() )
Returns given string safe for display as HTML. Renders entities.
strip_tags() does not validate HTML syntax or structure, so it might strip whole passages with broken HTML.
Options:
- remove (boolean) if true strips all HTML tags before encoding
- charset (string) the charset used to encode the string
- quotes (int) see http://php.net/manual/en/function.htmlentities.php
- double (boolean) double encode html entities
Parameters
- string $string - String from where to strip tags
- array $options optional array() - Array of options to use.
Returns
string - Sanitized string
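The strip_tags() caveat and the remove and double options can be seen with plain PHP. This is an added example, not CakePHP's source: html_safe(), has_stray_bracket(), the defaults chosen and the sample strings are assumptions constructed for illustration.

```php
<?php
// Added illustration, not CakePHP source. html_safe() and its defaults are
// assumptions that mirror the documented options: remove, charset, quotes, double.
function html_safe(string $string, array $options = []): string
{
    $options += [
        'remove'  => false,      // strip tags before encoding
        'charset' => 'UTF-8',    // encoding passed to htmlentities()
        'quotes'  => ENT_QUOTES, // encode both " and '
        'double'  => true,       // re-encode entities already in the input
    ];
    if ($options['remove']) {
        // strip_tags() is a scanner, not an HTML parser: a stray "<" can open a
        // "tag" that runs to the next ">" or to the end of the string.
        $string = strip_tags($string);
    }
    return htmlentities($string, $options['quotes'], $options['charset'], $options['double']);
}

// Heuristic guard (assumption): a "<" not followed by a letter, "/", "!" or "?"
// cannot start a tag, so stripping such input risks dropping real text.
function has_stray_bracket(string $string): bool
{
    return preg_match('/<(?![A-Za-z\/!?])/', $string) === 1;
}

// Constructed sample inputs.
$samples = [
    'well-formed markup'   => '<b>Total:</b> 5 items',
    'stray angle brackets' => 'Limit is <5 per user, retries >2 are logged',
    'unclosed bracket'     => 'Temperature <40C is fine for this rack',
    'already encoded'      => 'Tom &amp; Jerry "quoted"',
];

foreach ($samples as $label => $input) {
    echo "== $label ==\n";
    echo "input          : $input\n";
    echo "stray bracket  : ", has_stray_bracket($input) ? 'yes' : 'no', "\n";
    echo "encode only    : ", html_safe($input), "\n";
    echo "remove + encode: ", html_safe($input, ['remove' => true]), "\n";
    echo "double = false : ", html_safe($input, ['double' => false]), "\n\n";
}
```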
paranoid() public static
paranoid( string $string , array $allowed = array() )
Removes any non-alphanumeric characters.
Parameters
- string $string - String to sanitize
- array $allowed optional array() - An array of additional characters that are not to be removed.
Returns
string - Sanitized string
stripAll() public static
stripAll( string $str )
Strips extra whitespace, images, scripts and stylesheets from output
Parameters
- string $str - String to sanitize
Returns
string - Sanitized string
stripImages() public static
stripImages( string $str )
Strips image tags from output
Parameters
- string $str - String to sanitize
Returns
string - String with images stripped.
stripScripts() public static
stripScripts( string $str )
Strips scripts and stylesheets from output
Parameters
- string $str - String to sanitize
Returns
string - String with ,
© 2005–2016 The Cake Software Foundation, Inc.
Licensed under the MIT License.
http://api.cakephp.org/2.8/class-Sanitize.html