PHP input filtering library


A PHP input sanitizing library.



    # in essence: pass the raw value, a type name and, optionally, a default value
    $clean = sanitize($dirty, $type[, $default_value = null]);

    # various formats (the second argument selects the filter)
    $a = sanitize($input, 'str');       # UTF-8 string
    $b = sanitize($input, 'str_multi'); # UTF-8 string allowing newlines
    $c = sanitize($input, 'int32');     # PHP's native int type
    $d = sanitize($input, 'int64');     # A 64bit number as a string
    $e = sanitize($input, 'html');      # HTML filtered by lib_filter
    $f = sanitize($input, 'bool');      # A boolean
    $g = sanitize($input, 'isset');     # True if the input was set
    $h = sanitize($input, 'rx', null, $rx); # Returns input if it matches $rx (a preg regex)
    $i = sanitize($input, 'in', null, $in); # Returns input if it exists in array $in
    # NOTE(review): 'str' and 'str_multi' are described here only as producing UTF-8
    # strings; nothing on this page says they escape for HTML, SQL or shell, so still
    # escape or parameterize at the point of use - confirm against the library source.
    # NOTE(review): the safety of 'html' output depends on how lib_filter is configured,
    # which this page does not show - confirm before echoing the result into a page.
    # NOTE(review): for 'rx', a partial match presumably passes unless $rx is anchored at
    # both ends; for 'in', this page does not say whether the comparison is strict - verify.

    # GET & POST variables (in these examples the helper name combines the source and the type)
    $a = get_bool('key_name');      # $_GET
    $b = post_int32('key_name');        # $_POST
    $c = request_str_multi('key_name'); # $_REQUEST
    # $_REQUEST can merge GET, POST and cookie data depending on PHP configuration, so
    # prefer the get_/post_ helpers when the origin of a value matters.

    # just care about strings?
    $a = sanitize_string($input, $allow_newlines);

    # the default mode - strip out bad UTF-8
    $GLOBALS['sanitize_mode'] = SANITIZE_INVALID_STRIP;

    # alternative mode - if the input isn't valid UTF-8, convert from another character set
    # NOTE(review): this example sets only the source character set; the page shows no
    # sanitize_mode value that enables conversion - check the library for it.
    $GLOBALS['sanitize_convert_from'] = 'ISO-8859-1'; # Latin-1

    # alternative mode - if the input isn't valid UTF-8, throw an exception
    # (the only mode listed here that rejects invalid input instead of altering it)
    $GLOBALS['sanitize_mode'] = SANITIZE_INVALID_THROW;

    # if you know your input encoding, set it first (all input is converted to UTF-8)
    $GLOBALS['sanitize_input_encoding'] = 'SJIS'; # Shift-JIS

    # if you don't have mbstring, you can use iconv instead
    $GLOBALS['sanitize_extension'] = SANITIZE_EXTENSION_ICONV;

    # if you don't have iconv either, you can use pure php
    $GLOBALS['sanitize_extension'] = SANITIZE_EXTENSION_PHP;

    # iconv is the fastest, but supports fewer encodings and is broken on some platforms.
    # mbstring (the default) is still very fast and supports many encodings.
    # pure php mode only supports UTF-8 and ISO-8859-1 (Latin-1) and is very slow.

    # by default, the string filter will remove all 'unassigned' (property: Cn) unicode
    # characters. you may need to disable this if your PCRE library does not support
    # unicode properties (--enable-unicode-properties compilation flag).
    # with this set to false, unassigned code points are no longer stripped from strings.
    $GLOBALS['sanitize_strip_reserved'] = false;



By Cal Henderson