Class Sanitize
Data Sanitization.
Removal of non-alphanumeric characters, SQL-safe slash-added strings, HTML-friendly strings, and all of the above on arrays.
Copyright: Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
License: The MIT License
Location: sanitize.php
Method Summary
- clean() public
Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value). Valid filters: odd_spaces, encode, dollar, carriage, unicode, escape, backslash.
- escape() public
Makes a string SQL-safe.
- formatColumns() public
Formats column data from definition in DBO's $columns array
- html() public
Returns given string safe for display as HTML. Renders entities.
- paranoid() public
Removes any non-alphanumeric characters.
- stripAll() public
Strips extra whitespace, images, scripts and stylesheets from output
- stripImages() public
Strips image tags from output
- stripScripts() public
Strips scripts and stylesheets from output
- stripTags() public
Strips the specified tags from output. First parameter is string from where to remove tags. All subsequent parameters are tags.
- stripWhitespace() public
Strips extra whitespace from output
Method Detail
clean() public
clean( mixed $data , mixed $options = array() )
Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value). Valid filters: odd_spaces, encode, dollar, carriage, unicode, escape, backslash.
Parameters
- mixed $data
- Data to sanitize
- mixed $options optional array()
- If string, DB connection being used, otherwise set of options
Returns
Sanitized data
escape() public
escape( string $string , string $connection = 'default' )
Makes a string SQL-safe.
Parameters
- string $string
- String to sanitize
- string $connection optional 'default'
- Database connection being used
Returns
SQL safe string
formatColumns() public
formatColumns( Model $model )
Formats column data from definition in DBO's $columns array
Parameters
- Model $model
- The model containing the data to be formatted
html() public
html( string $string , boolean $remove = false )
Returns given string safe for display as HTML. Renders entities.
Parameters
- string $string
- String from where to strip tags
- boolean $remove optional false
- If true, the string is stripped of all HTML tags
Returns
Sanitized string
paranoid() public
paranoid( string $string , $allowed = array() )
Removes any non-alphanumeric characters.
Parameters
- string $string
- String to sanitize
- $allowed optional array()
Returns
Sanitized string
stripAll() public
stripAll( string $str )
Strips extra whitespace, images, scripts and stylesheets from output
Parameters
- string $str
- String to sanitize
Returns
Sanitized string
stripImages() public
stripImages( string $str )
Strips image tags from output
Parameters
- string $str
- String to sanitize
Returns
String with images stripped.
stripScripts() public
stripScripts( string $str )
Strips scripts and stylesheets from output
Parameters
- string $str
- String to sanitize
Returns
String with