thebigk (Level 13)

How do you sanitize user input data?

I'm curious to know what your preferred methods of sanitizing user input data are. I've tried using HTML Purifier and found it too difficult to customize and get things working without errors.

Am I missing out on a simpler, yet super reliable solution? Please let me know.

Thank you in advance.

1 like
5 replies
jlrdw

I use strip_tags:

    /**
     * Normalise a single request value: empty values become NULL (but a
     * numeric "0" is kept), everything else has tags removed and is trimmed.
     */
    public static function fixValue($rvalue)
    {
        // empty("0") is true, so the is_numeric() check stops a literal zero
        // from being turned into NULL
        $rvalue = empty($rvalue) && !is_numeric($rvalue) ? NULL : trim(strip_tags($rvalue));
        return $rvalue;
    }

Of course, validate your data and use Blade as well.

2 likes
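An added example (not jlrdw's code and not Laravel's own helpers, the function names are made up for illustration) that separates the two controls a plain-text field actually needs, validation on input and encoding on output, and shows side by side what `strip_tags()` does to the same inputs. `strip_tags()` is a denylist that also treats any unclosed `<` as the start of a tag and discards what follows, so it mangles benign text such as "I <3 PHP" while doing nothing an encoder would not do better for markup:

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helpers for a plain-text field (not Laravel's code).
 * Validate on the way in, encode for the output context on the way out.
 * Blade's {{ }} does the encoding step for you; strip_tags() is neither step.
 */

/**
 * Validate a plain-text value. Returns the trimmed value, or null on failure.
 * Rejects invalid UTF-8 (which can confuse later encoders), over-long values,
 * and ASCII control characters other than tab and newline.
 */
function validatePlainText(string $value, int $maxLen = 255): ?string
{
    $value = trim($value);
    if (!mb_check_encoding($value, 'UTF-8') || mb_strlen($value, 'UTF-8') > $maxLen) {
        return null;
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $value) === 1) {
        return null;
    }
    return $value;
}

/**
 * Encode for an HTML text node or a quoted attribute value. ENT_QUOTES covers
 * both quote styles so the value is safe inside attributes too; ENT_SUBSTITUTE
 * replaces invalid byte sequences instead of returning "" for the whole value.
 * This is the same htmlspecialchars() call Laravel's e() helper makes.
 */
function renderText(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Run strip_tags() and validate+encode over the same inputs so the difference
 * is visible: one loses data, the other keeps it and neutralises it.
 */
function compareHandling(array $inputs): array
{
    $rows = [];
    foreach ($inputs as $input) {
        $valid = validatePlainText($input);
        $rows[] = [
            'input'      => $input,
            'strip_tags' => trim(strip_tags($input)),
            'validated'  => $valid,
            'rendered'   => $valid === null ? null : renderText($valid),
        ];
    }
    return $rows;
}

// Constructed sample inputs: two payloads, two benign strings containing '<' or '>',
// and one with control characters that validation should reject.
$samples = [
    '<script>alert(1)</script>',        // strip_tags keeps the text "alert(1)"; encoding renders the tag as inert text
    'I <3 PHP',                          // benign: strip_tags sees "<3 PHP" as an unclosed tag and drops it
    'if (a<b && c>d)',                   // benign: strip_tags removes "<b && c>" from the middle of the expression
    '"><img src=x onerror=alert(1)>',    // attribute-context payload: ENT_QUOTES encodes the closing quote
    "tab\tand\x00null",                  // NUL byte: rejected by validatePlainText()
];

print_r(compareHandling($samples));
```

The point for a Laravel app: keep `{{ }}` as the default for every plain-text field, validate with rules that fit the field (length, character set), and do not run `strip_tags()` on data you intend to store, because it silently changes what the user wrote.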
thebigk (Level 13)

@jlrdw - Thank you. I do use validation and Blade; however, when users enter HTML I have to be extra cautious. Just want to know: is strip_tags combined with trim sufficient? I think Laravel trims the strings automatically via middleware.

What would you do if the system must allow HTML input from users (a la WordPress)?

1 like
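An added example for the "system must allow HTML" case (this is illustration code written for this thread, not code from Laravel, HTML Purifier or elegantweb/sanitizer; the class and method names are invented). It is the design HTML Purifier and similar libraries use: parse the untrusted markup with a real HTML parser, keep only elements and attributes on an allowlist, check the scheme of every URL-bearing attribute, and re-serialise. Because the DOM parser decodes entities before the checks run, tricks such as `&#106;avascript:` or `java&#09;script:` in an `href` are seen as what they are, which a regex over the raw string would miss:

```php
<?php
declare(strict_types=1);

/**
 * Allowlist HTML sanitizer built on ext/dom (hypothetical example class).
 * Everything not explicitly allowed is removed, which is the opposite of
 * strip_tags() or any denylist of "dangerous" tags.
 */
final class HtmlAllowlistSanitizer
{
    /** Element => attributes allowed on it. Any other element or attribute is dropped. */
    private const ALLOWED = [
        'p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [],
        'ul' => [], 'ol' => [], 'li' => [], 'blockquote' => [], 'code' => [], 'pre' => [],
        'a' => ['href', 'title'],
        'img' => ['src', 'alt'],
    ];

    /** Elements removed together with their content; other unknown elements are unwrapped. */
    private const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed',
        'template', 'noscript', 'svg', 'math'];

    /** Attributes that carry a URL and must use one of SAFE_SCHEMES (or be relative). */
    private const URL_ATTRS = ['href', 'src'];
    private const SAFE_SCHEMES = ['http', 'https', 'mailto'];

    public static function sanitize(string $html): string
    {
        $doc = new DOMDocument();
        $prevErr = libxml_use_internal_errors(true); // sloppy user markup produces warnings; collect, don't print
        // The meta charset makes libxml read the fragment as UTF-8; LIBXML_NONET forbids
        // any network access while parsing.
        $doc->loadHTML(
            '<!DOCTYPE html><html><head><meta charset="utf-8"></head><body>' . $html . '</body></html>',
            LIBXML_NONET
        );
        libxml_clear_errors();
        libxml_use_internal_errors($prevErr);

        $body = $doc->getElementsByTagName('body')->item(0);
        if ($body === null) {
            return '';
        }
        self::cleanChildren($body);

        $out = '';
        foreach ($body->childNodes as $child) {
            $out .= $doc->saveHTML($child); // the serialiser re-escapes text and attribute values
        }
        return $out;
    }

    private static function cleanChildren(DOMNode $node): void
    {
        // Snapshot the list: we remove and move children while walking it.
        foreach (iterator_to_array($node->childNodes) as $child) {
            if ($child instanceof DOMElement) {
                $tag = strtolower($child->tagName);
                if (in_array($tag, self::DROP_WITH_CONTENT, true)) {
                    $node->removeChild($child);
                } elseif (!isset(self::ALLOWED[$tag])) {
                    // Unknown element: keep its (cleaned) children, drop the wrapper.
                    self::cleanChildren($child);
                    while ($child->firstChild !== null) {
                        $node->insertBefore($child->firstChild, $child);
                    }
                    $node->removeChild($child);
                } else {
                    self::cleanAttributes($child, self::ALLOWED[$tag]);
                    self::cleanChildren($child);
                }
            } elseif (!($child instanceof DOMText)) {
                // Comments, CDATA sections and processing instructions are never allowed.
                $node->removeChild($child);
            }
        }
    }

    private static function cleanAttributes(DOMElement $el, array $allowedAttrs): void
    {
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name = strtolower($attr->name);
            // Drops on* handlers, style, srcdoc, formaction and anything else not listed.
            if (!in_array($name, $allowedAttrs, true)
                || (in_array($name, self::URL_ATTRS, true) && !self::isSafeUrl($attr->value))) {
                $el->removeAttributeNode($attr);
            }
        }
        if (strtolower($el->tagName) === 'a' && $el->hasAttribute('href')) {
            $el->setAttribute('rel', 'noopener noreferrer'); // user-supplied links get no window.opener
        }
    }

    private static function isSafeUrl(string $url): bool
    {
        // Browsers ignore leading/embedded control characters ("java\tscript:"), so strip them first.
        $stripped = preg_replace('/[\x00-\x20]+/', '', $url) ?? '';
        if (preg_match('/^([a-zA-Z][a-zA-Z0-9+.-]*):/', $stripped, $m) !== 1) {
            return true; // no scheme: relative URL
        }
        return in_array(strtolower($m[1]), self::SAFE_SCHEMES, true);
    }
}

// Constructed sample input covering an event handler, a script element, a javascript:
// URL, an entity-encoded scheme, an unlisted element and an allowed link.
$untrusted = '<p onclick="alert(1)">Hello <b>world</b></p><script>alert(2)</script>'
    . '<a href="javascript:alert(3)">x</a><a href="&#106;avascript:alert(4)">y</a>'
    . '<!-- note --><marquee>moving</marquee><a href="https://example.com" target="_blank">ok</a>';

echo HtmlAllowlistSanitizer::sanitize($untrusted), PHP_EOL;
```

In a Laravel app this belongs at the boundary (a FormRequest's `prepareForValidation()` or a model mutator): store the sanitized string, render that one field with `{!! !!}`, and keep `{{ }}` everywhere else. Extending the allowlist is a deliberate, reviewable change; new browser features are blocked until you add them, which is what makes this approach hold up over time. If you would rather not own the code, symfony/html-sanitizer is a maintained library built on the same allowlist principle.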
eylay

You may want to try elegantweb/sanitizer on GitHub.

1 like