CakePHP 1.3 API
Class Sanitize

Data Sanitization.

Removal of alphanumeric characters, SQL-safe slash-added strings, HTML-friendly strings, and all of the above on arrays.

Package: cake\cake\libs
Location: sanitize.php

Method Summary

  • clean() public
    Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value). Valid filters are listed in the method detail below.
  • escape() public
    Makes a string SQL-safe.
  • formatColumns() public
    Formats column data from definition in DBO's $columns array
  • html() public
    Returns given string safe for display as HTML. Renders entities.
  • paranoid() public
    Removes any non-alphanumeric characters.
  • stripAll() public
    Strips extra whitespace, images, scripts and stylesheets from output
  • stripImages() public
    Strips image tags from output
  • stripScripts() public
    Strips scripts and stylesheets from output
  • stripTags() public
    Strips the specified tags from output. First parameter is string from where to remove tags. All subsequent parameters are tags.
  • stripWhitespace() public
    Strips extra whitespace from output

Method Detail

clean() public

clean( mixed $data , mixed $options = array() )

Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value). Valid filters:

  • odd_spaces - removes any non-space whitespace characters
  • encode - Encode any HTML entities. Encode must be true for remove_html to work.
  • dollar - Escape $ with \$
  • carriage - Remove \r
  • unicode -
  • escape - Should the string be SQL escaped.
  • backslash -
  • remove_html - Strip HTML with strip_tags. encode must be true for this option to work.
Parameters
mixed $data
Data to sanitize
mixed $options optional array()
If string, DB connection being used, otherwise set of options
Returns
mixed
Sanitized data

escape() public

escape( string $string , string $connection = 'default' )

Makes a string SQL-safe.

Parameters
string $string
String to sanitize
string $connection optional 'default'
Database connection being used
Returns
string
SQL safe string

formatColumns() public

formatColumns( Model $model )

Formats column data from definition in DBO's $columns array

Parameters
Model $model
The model containing the data to be formatted

html() public

html( string $string , array $options = array() )

Returns given string safe for display as HTML. Renders entities.

strip_tags() does not validate HTML syntax or structure, so it might strip whole passages with broken HTML.

Options:

  • remove (boolean) if true strips all HTML tags before encoding
  • charset (string) the charset used to encode the string
  • quotes (int) see http://php.net/manual/en/function.htmlentities.php
Parameters
string $string
String from where to strip tags
array $options optional array()
Array of options to use.
Returns
string
Sanitized string

paranoid() public

paranoid( string $string , array $allowed = array() )

Removes any non-alphanumeric characters.

Parameters
string $string
String to sanitize
array $allowed optional array()
An array of additional characters that are not to be removed.
Returns
string
Sanitized string
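The following is an added example, not code from CakePHP itself, showing clean(), paranoid() and html() as documented above used from a hypothetical CakePHP 1.3 CommentsController. It assumes a Comment model with 'body', 'author' and 'created' columns and App.encoding set to UTF-8.

```php
<?php
// Added example (not CakePHP's own code): the Sanitize methods documented
// above, used from a hypothetical CakePHP 1.3 CommentsController. Assumes a
// Comment model with body/author/created columns and App.encoding = UTF-8.
App::import('Core', 'Sanitize');

class CommentsController extends AppController {
    var $name = 'Comments';
    var $components = array('Session');

    function add() {
        if (!empty($this->data)) {
            // clean() over the whole submitted array. 'encode' must stay true
            // for 'remove_html' to take effect; 'escape' is switched off here
            // because the model layer quotes values itself when saving, so
            // escaping twice would store literal backslashes.
            $this->data = Sanitize::clean($this->data, array(
                'encode' => true,
                'remove_html' => true,
                'odd_spaces' => true,
                'carriage' => true,
                'escape' => false,
            ));
            if ($this->Comment->save($this->data)) {
                $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash('The comment could not be saved.');
        }
    }

    function index() {
        // A sort column is interpolated into SQL as an identifier, so
        // escape() cannot protect it. paranoid() reduces it to [A-Za-z0-9_]
        // and a whitelist decides whether the result is usable at all.
        $sort = 'created';
        if (isset($this->params['named']['sort'])) {
            $candidate = Sanitize::paranoid($this->params['named']['sort'], array('_'));
            if (in_array($candidate, array('created', 'author'), true)) {
                $sort = $candidate;
            }
        }
        $this->paginate = array('order' => array('Comment.' . $sort => 'asc'));
        $comments = $this->paginate('Comment');

        // Output encoding: html() with 'remove' => true strips tags first and
        // then renders entities; ENT_QUOTES also encodes single quotes, so the
        // value is safe inside attribute values in the view.
        foreach ($comments as $i => $row) {
            $comments[$i]['Comment']['body'] = Sanitize::html($row['Comment']['body'],
                array('remove' => true, 'quotes' => ENT_QUOTES, 'charset' => 'UTF-8'));
        }
        $this->set('comments', $comments);
    }
}
```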

stripAll() public

stripAll( string $str )

Strips extra whitespace, images, scripts and stylesheets from output

Parameters
string $str
String to sanitize
Returns
string
sanitized string

stripImages() public

stripImages( string $str )

Strips image tags from output

Parameters
string $str
String to sanitize
Returns
string
String with images stripped.

stripScripts() public

stripScripts( string $str )

Strips scripts and stylesheets from output

Parameters
string $str
String to sanitize
Returns
string
String with