php – What does it mean to "sanitize" data?

Question:

I'm making a form, and I'm doing the validation part…

I also see the term "sanitize" (or "sanitizar"); what does that mean?

I've even seen some functions in php that take this term in their parameters.

Answer:

It means eliminating, from a piece of input data, any text fragments that have the characteristics of metadata (markup, delimiters, control sequences) and may therefore cause some security problem.

For example: in HTML the characters &lt; &gt; &amp; are part of the markup, so if a data string contains these characters it will cause problems, because the browser will interpret it as HTML. When sending it to the browser, such characters must be rewritten as &amp;lt; &amp;gt; &amp;amp; respectively. (By the way, I had to do this here while writing my answer, otherwise the replacement symbols wouldn't appear correctly!)

It is very common to have to remove certain HTML codes, and especially JavaScript, from what may be published on some page of the system, since such a script can compromise the user experience, modify information, or even create ways to infect the user.

Or you can clean up data that will serve as the name of a directory or file, so that you don't access what you shouldn't.

Another cleanup that can be useful is to eliminate snippets of SQL that can be injected into the query and do damage. In SQL, single and double quotes delimit strings, so data with these characters without sanitization can mess up SQL commands. There is usually a better technique for preventing this from happening.

It is also possible to make more specific checks, only accepting certain well-formed data: an email, for example, or just a number, etc. There is a page with some of the filters available in PHP, and a page with information on the subject.
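The four cleanups the answer lists (HTML escaping, file-name cleaning, keeping quotes out of SQL, and validating well-formed values) as one runnable PHP script. This is an added example, not code from the original answer; the function names are my own, the input array is constructed to stand in for `$_POST`, and the SQL part assumes the `pdo_sqlite` extension so it can run against an in-memory database.

```php
<?php
// Added example (not part of the original answer): one function per context
// the answer describes, each using the standard PHP facility for that context.
declare(strict_types=1);

// 1. HTML context: encode < > & " ' so the browser shows the text instead of
//    interpreting it as markup or script.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// 2. Filesystem context: drop any directory part, allow only a small set of
//    characters, and refuse names that would start with a dot (".", "..", hidden files).
function safeFileName(string $value): string
{
    $name = basename($value);                              // remove "../" and absolute prefixes
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name); // allow-list of characters
    $name = ltrim($name, '.');                             // no leading dots
    return $name === '' ? 'unnamed' : $name;
}

// 3. SQL context: the "better technique" the answer mentions is a prepared
//    statement. The value is bound as a parameter and never spliced into the
//    SQL text, so quotes in the data are just data.
function findUserByEmail(PDO $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 4. Validation: accept only well-formed values using the filter extension.
function validateEmail(string $value): ?string
{
    $email = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

function validateInt(string $value, int $min, int $max): ?int
{
    $options = ['options' => ['min_range' => $min, 'max_range' => $max]];
    $n = filter_var($value, FILTER_VALIDATE_INT, $options);
    return $n === false ? null : $n;
}

// Constructed sample input standing in for a submitted form ($_POST).
$input = [
    'comment'  => '<b>Tom & Jerry</b> said "hi"',
    'filename' => '../../etc/passwd',
    'email'    => 'not an email',
    'age'      => '42',
];

echo escapeForHtml($input['comment']), PHP_EOL;   // safe to place inside an HTML page
echo safeFileName($input['filename']), PHP_EOL;   // only the last path component survives
var_dump(validateEmail($input['email']));         // null for a malformed address
var_dump(validateInt($input['age'], 0, 150));     // integer when within range

// In-memory SQLite (assumes pdo_sqlite is installed) so the prepared statement runs offline.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO users (email) VALUES ('alice@example.com')");

// A value containing a quote is matched literally rather than altering the query.
var_dump(findUserByEmail($db, "o'brien@example.com"));
var_dump(findUserByEmail($db, 'alice@example.com'));
```

Note that `escapeForHtml` is applied when the value is sent to the browser, not when it is stored: the same stored comment would need a different encoding if it were later placed in a JSON response or a URL, which is why sanitizing is tied to the output context rather than done once at input time.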
