php sanitize post data code example

Example 1: sanitize form data php

# sanitize form data
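/**
 * Prepare a request value for printing in an HTML text or attribute context.
 *
 * Trims surrounding whitespace, then HTML-encodes <, >, &, " and '. The flags
 * and charset are explicit so the result does not depend on the PHP version's
 * defaults (before 8.1, htmlspecialchars() left single quotes unencoded).
 *
 * The former stripslashes() call was dropped: it only made sense under
 * magic_quotes (removed in PHP 5.4) and silently corrupts legitimate
 * backslashes in input. Escaping here is output escaping for HTML only; it
 * does not validate the value for its intended type (email, int, ...).
 *
 * @param mixed $data scalar (or null) from the request; cast to string
 * @return string the trimmed, HTML-encoded value
 */
function clean($data): string
{
    $data = trim((string) $data);

    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}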

Example 2: php filters

#Filter Validation

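<?php
    // Checks whether a field named 'data' was posted. filter_has_var() and
    // filter_input() read the original request, so later changes to $_POST
    // do not affect them.
    /*
    if(filter_has_var(INPUT_POST,'data')){
        echo 'Data Found';
    }else{
        echo 'No Data';
    }
    */
    if (filter_has_var(INPUT_POST, 'data')) {
        // Remove characters that cannot occur in an email address.
        // filter_input() yields false when the field is not a scalar
        // (e.g. data[]=x was posted), so normalise that to '' instead of
        // echoing a boolean.
        $email = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_EMAIL);
        $email = is_string($email) ? $email : '';
        // Sanitising is not output escaping: the value is still encoded for
        // the HTML context it is printed into.
        echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';

        // Validate the raw field as an email address. Success returns the
        // string itself; false (invalid) and null (missing) are both
        // rejected by is_string().
        if (is_string(filter_input(INPUT_POST, 'data', FILTER_VALIDATE_EMAIL))) {
            echo 'Email is Valid';
        } else {
            echo 'Email is not Valid';
        }

        // The same check applied to the already sanitised value.
        if (is_string(filter_var($email, FILTER_VALIDATE_EMAIL))) {
            echo 'Email is Valid';
        } else {
            echo 'Email is not Valid';
        }
    }

    // Other validations
    // FILTER_VALIDATE_BOOLEAN
    // FILTER_VALIDATE_EMAIL
    // FILTER_VALIDATE_FLOAT
    // FILTER_VALIDATE_INT
    // FILTER_VALIDATE_IP
    // FILTER_VALIDATE_REGEXP  (options: 'regexp' => 'REGULAR EXPRESSION')
    // FILTER_VALIDATE_URL

    // Other sanitizers (the constants are spelled FILTER_SANITIZE_*)
    // FILTER_SANITIZE_EMAIL
    // FILTER_SANITIZE_ENCODED
    // FILTER_SANITIZE_NUMBER_FLOAT
    // FILTER_SANITIZE_NUMBER_INT
    // FILTER_SANITIZE_SPECIAL_CHARS
    // FILTER_SANITIZE_FULL_SPECIAL_CHARS
    // FILTER_SANITIZE_STRING  (deprecated since PHP 8.1; use htmlspecialchars()
    //                          or FILTER_SANITIZE_FULL_SPECIAL_CHARS)
    // FILTER_SANITIZE_URL

    // EXAMPLE int VALIDATION
    // FILTER_VALIDATE_INT returns the integer on success and false on
    // failure. Compare with `!== false`: a plain truthiness test would
    // report the valid input '0' as "not a number".
    $var = 'john';
    if (filter_var($var, FILTER_VALIDATE_INT) !== false) {
        echo '<br>' . $var . ' is a number<br>';
    } else {
        echo '<br>' . $var . ' is not a number<br>';
    }

    // EXAMPLE int sanitisation: keeps only digits and the +/- signs
    $var2 = '33k2dsdffgsdf3563sdf';
    var_dump(filter_var($var2, FILTER_SANITIZE_NUMBER_INT));

    // ARRAY USAGE: validate several fields in one call. Each element of the
    // result is the validated value, false if its filter failed, or null if
    // the field was absent; the call returns null when nothing was posted.
    $filters = [
        'data' => FILTER_VALIDATE_EMAIL,
        'data2' => [
            'filter' => FILTER_VALIDATE_INT,
            'options' => [
                'min_range' => 1,
                'max_range' => 100,
            ],
        ],
    ];
    // Debug output is encoded too, since it echoes request values back.
    echo htmlspecialchars(print_r(filter_input_array(INPUT_POST, $filters), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>

<!-- PHP_SELF reflects the request path, including client-supplied path info,
     so it is HTML-escaped before being placed in the attribute. -->
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
    <input type="text" name="data">
    <input type="text" name="data2">
    <button type="submit">Submit</button>
</form>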

Example 3: php sanitize $_POST

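// If the type of each of your input variables is a string and
// you want to sanitize them all at once, you can use:
//
// FILTER_SANITIZE_STRING (strip tags) is deprecated since PHP 8.1; its
// documented replacement is FILTER_SANITIZE_FULL_SPECIAL_CHARS, which
// HTML-encodes the special characters instead of stripping them. Either
// way this is escaping for an HTML context only - validate each field for
// its real type (int, email, ...) before using it.
//
// filter_input_array() returns null when the request carries no fields of
// that kind and false on failure, so fall back to an empty array rather
// than replacing the superglobal with a non-array.
$_GET   = filter_input_array(INPUT_GET, FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?: [];
$_POST  = filter_input_array(INPUT_POST, FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?: [];
// or, for a single field (a missing field becomes ''; keep the result
// instead of discarding it):
$message = filter_var($_POST['message'] ?? '', FILTER_SANITIZE_FULL_SPECIAL_CHARS);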
//or
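/**
 * Trim every leaf value of a (possibly nested) array in place.
 *
 * With $filter set, each trimmed value is also passed through
 * FILTER_SANITIZE_FULL_SPECIAL_CHARS, which HTML-encodes <, >, & and
 * quotes. This replaces FILTER_SANITIZE_STRING, which is deprecated since
 * PHP 8.1 and stripped tags instead of encoding them. The filter is output
 * escaping for an HTML context only; it does not validate a field's type.
 *
 * @param array $array  walked recursively and modified in place
 * @param bool  $filter also HTML-encode each value after trimming
 * @return array the same, now modified, array (returned for convenience)
 */
function util_array_trim(array &$array, bool $filter = false): array
{
    array_walk_recursive($array, static function (&$value) use ($filter): void {
        // Cast first: trim(null) is deprecated in PHP 8.1, and non-string
        // leaves (ints, floats) were already being turned into strings.
        $value = trim((string) $value);
        if ($filter) {
            $value = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        }
    });

    return $array;
}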
