Sanitising User Form Input Before Processing in PHP

By | 09/02/2015

Sanitising user form input before processing the data is an IMPORTANT security step to prevent malicious input wreaking havoc on your program or other unsuspecting users. The function below can take the $_POST array as input and return it sanitised for use.

function cleanse($input) {
 // Clean the input before use to make sure we don't accept any dangerous input
 $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
 foreach ($input as $key => $value) {
   $input[$key] = $purifier->purify($input[$key]); // $input[$key] is now sanitised.
 }
 return($input);
}

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.