
thebigk

How do you filter/clean user entered data?

I'm curious to know what strategies, techniques, and packages fellow developers use to handle the text or data entered by users.

Apps like forums get a lot of user-generated content and it's not safe to save it directly to the database.

Someone mentioned on this forum that Laravel automatically cleans the bad stuff but I'm not sure if it actually does.

Looking forward to suggestions. Thank you in advance.

0 likes
5 replies
jlrdw

There's a Laravel package for HTML Purifier; also, Blade handles some purification.

1 like
thaden

@thebigk

Laravel uses PDO so you don't have to worry about SQL injections. If you output the data, Blade does encode all {{ HTML }} as text.

thebigk

I'm not sure how I skipped the Form Request Validation part! :/ I think it's time to rewrite the duplicate work I did in my controllers.

@jlrdw - I do make use of HTML Purifier. My only complaint with Blade {{ }} is that it turns & into &amp;, which looks bad. I'm therefore using {!! html_entity_decode($text) !!}; but not sure if it's safe.

@tpane24 - Thank you for letting me know about filter var. I can definitely make use of it at places.
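
An added example, not part of any post in this thread, comparing the three output strategies discussed above on text that was stored already entity-encoded. It uses plain PHP so it runs without Laravel; the function names and sample strings are constructed for illustration, and `blade_escaped()` assumes Blade's `{{ }}` behaves like `htmlspecialchars()` with double encoding enabled.

```php
<?php
// Added example: function names and sample strings are constructed,
// not taken from the thread or from Laravel's source.

// Assumed equivalent of Blade's {{ $text }}: escape everything and
// re-encode entities that are already present (double_encode = true).
function blade_escaped(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', true);
}

// The pattern from the post, {!! html_entity_decode($text) !!}:
// decode entities, then emit the result without any escaping.
// Encoded markup in the stored text becomes live markup again.
function decoded_raw(string $text): string
{
    return html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Alternative: still escape <, >, quotes and bare ampersands, but leave
// entities that are already encoded untouched (double_encode = false).
function escaped_once(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
}

// Constructed stored values: pre-encoded text, pre-encoded markup, raw text.
$samples = [
    'already encoded' => 'Tom &amp; Jerry',
    'encoded markup'  => '&lt;script&gt;alert(1)&lt;/script&gt;',
    'raw input'       => 'Tom & Jerry <b>bold</b>',
];

foreach ($samples as $label => $text) {
    echo $label, PHP_EOL;
    echo '  blade_escaped: ', blade_escaped($text), PHP_EOL;
    echo '  decoded_raw:   ', decoded_raw($text), PHP_EOL;
    echo '  escaped_once:  ', escaped_once($text), PHP_EOL;
    echo PHP_EOL;
}
```

Compare the `decoded_raw` line for the "encoded markup" sample with the other two: it is the only one whose output a browser would parse as a tag. Storing text unencoded and escaping it once at output avoids the doubled `&amp;` without needing a decode step.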
