Sanitize - CakePHP API

Sanitize Class Info:

Class Declaration:

class Sanitize

File name:

Description:

Data Sanitization.

Removal of alphanumeric characters, SQL-safe slash-added strings, HTML-friendly strings, and all of the above on arrays.

Package: Cake.Utility

Method Summary:

clean( $data, $options = array ( ) )
escape( $string, $connection = 'default' )
html( $string, $options = array ( ) )
paranoid( $string, $allowed = array ( ) )
stripAll( $str )
stripImages( $str )
stripScripts( $str )
stripTags( $str )
stripWhitespace( $str )

clean

top

Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value). Valid filters:

odd_spaces - removes any non space whitespace characters
encode - Encode any html entities. Encode must be true for the remove_html to work.
dollar - Escape $ with \$
carriage - Remove \r
unicode -
escape - Should the string be SQL escaped.
backslash -
remove_html - Strip HTML with strip_tags. encode must be true for this option to work.

Parameters:

mixed $data required

Data to sanitize
mixed $options optional array ( )

If string, DB connection being used, otherwise set of options

Method defined in:

Cake/Utility/Sanitize.php on line 210

Return: mixed Sanitized data

escape

top

Makes a string SQL-safe.

Parameters:

string $string required

String to sanitize
string $connection optional 'default'

Database connection being used

Method defined in:

Cake/Utility/Sanitize.php on line 67

Return: string SQL safe string

html

top

Returns given string safe for display as HTML. Renders entities.

strip_tags() does not validating HTML syntax or structure, so it might strip whole passages with broken HTML.

Options:

remove (boolean) if true strips all HTML tags before encoding
charset (string) the charset used to encode the string
quotes (int) see http://php.net/manual/en/function.htmlentities.php
double (boolean) doube encode html entities

Parameters:

string $string required

String from where to strip tags
array $options optional array ( )

Array of options to use.

Method defined in:

Cake/Utility/Sanitize.php on line 100

Return: string Sanitized string

paranoid

top

Removes any non-alphanumeric characters.

Parameters:

string $string required

String to sanitize
array $allowed optional array ( )

An array of additional characters that are not to be removed.

Method defined in:

Cake/Utility/Sanitize.php on line 41

Return: string Sanitized string

stripAll

top

Strips extra whitespace, images, scripts and stylesheets from output

Parameters:

string $str required

String to sanitize

Method defined in:

Cake/Utility/Sanitize.php on line 164

Return: string sanitized string

stripImages

top

Strips image tags from output

Parameters:

string $str required

String to sanitize

Method defined in:

Cake/Utility/Sanitize.php on line 141

Return: string Sting with images stripped.

stripScripts

top

Strips scripts and stylesheets from output

Parameters:

string $str required

String to sanitize

Method defined in:

Cake/Utility/Sanitize.php on line 154

Return: string String with <script>, <style>, <link>, <img> elements removed.

stripTags

top

Strips the specified tags from output. First parameter is string from where to remove tags. All subsequent parameters are tags.

Ex.$clean = Sanitize::stripTags($dirty, 'b', 'p', 'div');

Will remove all <b>, <p>, and <div> tags from the $dirty string.

Parameters:

$str required

Method defined in:

Cake/Utility/Sanitize.php on line 182

Return: string sanitized String

stripWhitespace

top

Strips extra whitespace from output

Parameters:

string $str required

String to sanitize

Method defined in:

Cake/Utility/Sanitize.php on line 130

Return: string whitespace sanitized string

Sanitize Class Info:

Method Summary:

clean

escape

html

Options:

paranoid

stripAll

stripImages

stripScripts

stripTags

stripWhitespace

Class Index