Sanitize - Section 2 - "paranoid"


Langdon Stevenson

Aug 13, 2007, 8:04:26 PM
to cakeph...@googlegroups.com
Please find below a revision of Section 2 - Paranoid from the Sanitize
manual chapter.


Original: http://manual.cakephp.org/chapter/sanitize

Revision:
======================================================
Section 2

Making Data Safe for use in SQL and HTML

This section explains how to use some of the functions that Sanitize offers.

* paranoid
* string $string
* array $allowedChars

This function strips anything out of the target $string that is not a
plain-jane alphanumeric character.

$badString = "<script>nasty code</script>Special characters: ;@#&!";

echo $mrClean->paranoid($badString);

// output: scriptnastycodescriptSpecialcharacters
// (spaces are removed too, since they are not alphanumeric)

You can, however, let it overlook certain characters by passing them
along inside the $allowed array.

$badString = "<script>nasty code</script>Special characters: ;@#&!";

echo $mrClean->paranoid($badString, array(' ', '@', ':', '/', '&', '!'));

// output: scriptnasty code/scriptSpecial characters: @&!
======================================================

I have broken the original example up into two separate examples as I
found the original a bit too much to take in in one go.

Comments appreciated.

Regards,
Langdon
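
The following is an added, stand-alone example and not CakePHP's own Sanitize code: an allowlist filter with the same shape as paranoid($string, $allowed), exercised on the draft's example string. It assumes the hypothetical function names allowlistFilter() and expect(), and it shows two things the draft does not: the allowed characters must be regex-escaped before they go into the character class, and a stripped string is still not safe for HTML output without escaping.

```php
<?php
// Added example, not CakePHP's Sanitize::paranoid(): a stand-alone allowlist
// filter with the same shape, followed by checks of its behaviour.

/**
 * Keep only ASCII letters, digits and the characters listed in $allowed;
 * every other character is dropped. Each allowed character goes through
 * preg_quote() because it is spliced into a regex character class, where
 * an unescaped '-', ']', '^' or '\' would change the meaning of the class.
 */
function allowlistFilter($string, array $allowed = array())
{
    $extra = '';
    foreach ($allowed as $char) {
        $extra .= preg_quote($char, '/');
    }
    return preg_replace('/[^a-zA-Z0-9' . $extra . ']/', '', $string);
}

// Hypothetical helper: fail loudly if a result is not what we expect.
function expect($actual, $expected)
{
    if ($actual !== $expected) {
        throw new RuntimeException("got '$actual', expected '$expected'");
    }
}

// Constructed input: the example string used in the draft above.
$bad = "<script>nasty code</script>Special characters: ;@#&!";

// Default: spaces and punctuation go too, since they are not alphanumeric.
expect(allowlistFilter($bad), 'scriptnastycodescriptSpecialcharacters');

// With an allow list, only the listed characters survive.
expect(allowlistFilter($bad, array(' ', '@', ':', '/', '&', '!')),
       'scriptnasty code/scriptSpecial characters: @&!');

// Escaping matters: an unescaped '-' between '+' and '/' would form the
// range "+-/", which would also let ',' and '.' through.
expect(allowlistFilter('1,000.50 +/- 3', array('+', '-', '/')), '100050+/-3');

// Allowing '<' and '>' brings the markup straight back. Stripping characters
// cleans data; it does not make a value safe for an HTML context, so escape
// at the point of output regardless of what the filter let through.
$markup = allowlistFilter($bad, array('<', '>', '/'));
expect($markup, '<script>nastycode</script>Specialcharacters');
expect(htmlspecialchars($markup, ENT_QUOTES, 'UTF-8'),
       '&lt;script&gt;nastycode&lt;/script&gt;Specialcharacters');

echo "all checks passed\n";
```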
