What are some good PHP html (input) sanitizers?
Preferably, if something is built in - I'd like to us that.
UPDATE:
Per the request, via comments, input should not allow HTML (and obviously prevent XSS & SQL Injection, etc).
What are some good PHP html (input) sanitizers?
Preferably, if something is built in - I'd like to us that.
UPDATE:
Per the request, via comments, input should not allow HTML (and obviously prevent XSS & SQL Injection, etc).
I've always used PHP's addslashes() and stripslashes() functions, but I also just saw the built-in filter_var() function (link). Looks like there are quite a few built-in filters.
html purifier -> http://htmlpurifier.org/
If you want to run a query that use let's say
$_GET['user']
a nice solution would be to do something like this using mysql_real_escape_string():If you want to store a text in a database and then print it on a web page, consider use htmlentities
[Edit]Or as awshepard said, you can use addslashes() and stripslashes() functions[/Edit]
Here is a little example of sanitization when it comes to prevent XSS attacks:
use
and functions are below, almost sanitize everthing u need
Remember : it will not sanitize multidimensional array, u need to modify it recursively.