Sanitizing User Input

Are you accepting user input and you really need to be sure it comes in in a sanitized format? This can easily be accomplished by using our sanitization libraries:

Basic HTML Special Character Encoding

h($request->request->get('maliciousParameter'));

The POST variable 'maliciousParameter' will be run through htmlspecialchars.

Special Sanitize Methods

Use the sanitizing service to sanitize based on types:

Retrieve the Service

$service = \Core::make('helper/security');

Then you can run all the sanitize methods found in Concrete\Core\Validation\SanitizeService

print $service->sanitizeInt($request->request->get('maliciousInt'));

Or email:

print $service->sanitizeEmail($request->request->get('maliciousInt'));

These methods will only valid integers and emails through.

Loading Conversation