CakePHP 2.9 API

Class Sanitize

Data Sanitization.

Removal of alphanumeric characters, SQL-safe slash-added strings, HTML-friendly strings, and all of the above on arrays.

Package: Cake\Utility
Deprecated: 3.0.0 Deprecated since version 2.4
Copyright: Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
License: MIT License
Location: Cake/Utility/Sanitize.php

Method Summary

  • clean() public static deprecated
    Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value). Valid filters:
  • escape() public static deprecated
    Makes a string SQL-safe.
  • html() public static deprecated
    Returns given string safe for display as HTML. Renders entities.
  • paranoid() public static deprecated
    Removes any non-alphanumeric characters.
  • stripAll() public static deprecated
    Strips extra whitespace, images, scripts and stylesheets from output
  • stripImages() public static deprecated
    Strips image tags from output
  • stripScripts() public static deprecated
    Strips scripts and stylesheets from output
  • stripTags() public static deprecated
    Strips the specified tags from output. First parameter is string from where to remove tags. All subsequent parameters are tags.
  • stripWhitespace() public static deprecated
    Strips extra whitespace from output

Method Detail

clean() public static deprecated ¶

clean( string|array $data , string|array $options = array() )

Sanitizes given array or value for safe input. Use the options to specify the connection to use, and what filters should be applied (with a boolean value). Valid filters:

  • odd_spaces - removes any non-space whitespace characters
  • encode - Encode any HTML entities. encode must be true for remove_html to work.
  • dollar - Escape $ with \$
  • carriage - Remove \r
  • unicode -
  • escape - Should the string be SQL escaped.
  • backslash -
  • remove_html - Strip HTML with strip_tags. encode must be true for this option to work.
Parameters
string|array $data
Data to sanitize
string|array $options optional array()
If string, DB connection being used, otherwise set of options
Returns
mixed
Sanitized data

escape() public static deprecated ¶

escape( string $string , string $connection = 'default' )

Makes a string SQL-safe.

Parameters
string $string
String to sanitize
string $connection optional 'default'
Database connection being used
Returns
string
SQL safe string

html() public static deprecated ¶

html( string $string , array $options = array() )

Returns given string safe for display as HTML. Renders entities.

strip_tags() does not validate HTML syntax or structure, so it might strip whole passages with broken HTML.

Options:

  • remove (boolean) if true strips all HTML tags before encoding
  • charset (string) the charset used to encode the string
  • quotes (int) see http://php.net/manual/en/function.htmlentities.php
  • double (boolean) double encode html entities
Parameters
string $string
String from where to strip tags
array $options optional array()
Array of options to use.
Returns
string
Sanitized string
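
Added example (not code from CakePHP or this API page): a stand-alone model of the html() options documented above, built from the plain PHP functions the description names, so the strip_tags() caveat can be seen without a CakePHP install. It assumes the defaults charset UTF-8, quotes ENT_QUOTES and double true, and uses constructed inputs.

```php
<?php
// Added example, not the CakePHP implementation: models html() by applying
// strip_tags() when 'remove' is set and then htmlentities() with the
// documented 'quotes', 'charset' and 'double' options.
// Assumed defaults: charset UTF-8, quotes ENT_QUOTES, double true.

function sanitizeHtmlLike($string, array $options = array()) {
    $options += array(
        'remove'  => false,
        'charset' => 'UTF-8',
        'quotes'  => ENT_QUOTES,
        'double'  => true,
    );
    if ($options['remove']) {
        // strip_tags() does not validate HTML: a stray '<' that is never
        // closed is treated as the start of a tag, so the text that follows
        // it is dropped rather than preserved.
        $string = strip_tags($string);
    }
    // Encoding keeps every character; it is the lossless way to make the
    // value safe for display, whether or not tags were stripped first.
    return htmlentities($string, $options['quotes'], $options['charset'], $options['double']);
}

// Constructed inputs: well-formed markup and a comment with an unclosed '<'.
$inputs = array(
    'well-formed' => 'Price is <b>5</b> dollars',
    'broken'      => 'Price is 5<10 dollars, see <b>offer</b>',
);

foreach ($inputs as $label => $input) {
    $encoded  = sanitizeHtmlLike($input);
    $stripped = sanitizeHtmlLike($input, array('remove' => true));
    printf("%-12s encode only:   %s\n", $label, $encoded);
    printf("%-12s remove+encode: %s\n\n", $label, $stripped);
}
```

The broken input shows why the remove option is lossy: with encode only, the full text survives as entities, while remove+encode loses everything after the unclosed '<'.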

paranoid() public static deprecated ¶

paranoid( string $string , array $allowed = array() )

Removes any non-alphanumeric characters.

Parameters
string $string
String to sanitize
array $allowed optional array()
An array of additional characters that are not to be removed.
Returns
string
Sanitized string

stripAll() public static deprecated ¶

stripAll( string $str )

Strips extra whitespace, images, scripts and stylesheets from output

Parameters
string $str
String to sanitize
Returns
string
sanitized string

stripImages() public static deprecated ¶

stripImages( string $str )

Strips image tags from output

Parameters
string $str
String to sanitize
Returns
string
String with images stripped.

stripScripts() public static deprecated ¶

stripScripts( string $str )

Strips scripts and stylesheets from output

Parameters
string $str
String to sanitize
Returns
string
String with , ,