What does "sanitize" data mean?


I'm making a form, and I'm performing the validation part ...

I see a lot of the term sanitize or sanitizar , what does this mean?

I've even seen some functions in php that take this term in its parameters.

asked by anonymous 23.02.2017 / 21:32

2 answers


Delete snippets of text in a data entry that have metadata characteristics, and therefore may cause some security problem.

For example: in HTML the < > & markup, if a data string contains these characters, it will cause problems because the browser interprets as HTML. At the time of sending to the browser, such characters must be rewritten as & lt; & gt; & amp; respectively. (Incidentally, I had to do this here while writing my answer, otherwise the substitute symbols would not appear correctly!)

It is very common to have to extract certain HTML codes and mainly JavaScript from what can be published in some page of the system, and this script to compromise the user experience, modify information or even create facilities to infect it.

Or you can clear data that will serve as a directory or file name so you can not access what you should not.

Another cleanup that can be helpful is to delete SQL snippets that can be injected into the query and do damage. In SQL, single and double quotation marks delimit strings, so data with these characters without sanitization can disrupt SQL statements. There is usually a better technique to prevent this from happening.

It is possible to make some specific remedies, only allowing certain well-formed data to be accepted, an e-mail for example, or just numbers, etc. You have a page with some of these possible filters in PHP . And the page with information about the subject .

23.02.2017 / 21:37

From W3 Schools :

Sane data = Remove any illegal characters from the data.

Self explanatory, it serves to normalize data so that you can work with them later.

23.02.2017 / 21:36