How to sanitize $_POST

I am just learning Yii.  I'm writing my very first application but I cannot find how to sanitize the $_POST contents.

I've used KohanaPHP and with it you can get post values as $this->input->post('name', true) that already comes sanitized (the true on the second parameter does the trick) or configure the framework to sanitize all the input variables by itself.

I cannot find how I can do something like that on Yii.  The closest thing I found on the forums was the use of CHtmlPurifier::purify($_POST) but it doesn't works for me:



Property "CalculadoraController.options" is not defined.

Source File


00047:    {

00048:        $output=$this->purify($output);

00049:        parent::processOutput($output);

00050:    }


00052:    /**

00053:      * Purifies the HTML content by removing malicious code.

00054:      * @param string the content to be purified.

00055:      * @return string the purified content

00056:      */

00057:    public function purify($content)

00058:    {

00059: $purifier=new HTMLPurifier($this->options);

00060:        $purifier->config->set('Cache','SerializerPath',Yii::app()->getRuntimePath());

00061:        return $purifier->purify($content);

00062:    }

00063: }

Could somebody give me a light about it ?

Thank you for your help.


Yii doesn't provide input sanitization feature. The CHtmlPurifier component is used used to sanitize the data to be displayed to end-users.

You can use PHP filter_input() function directly ( if you want to sanitize the input.

Thank you for the quick response.  I'll use the filter_input function then.

Alternatively, you may check out my Yii-Kohana bridging class:


Then you may use the Kohana helpers such as:




@canglan, good to hear that.  I saw your web page when I was searching a solution to my question.  I've used a little more Kohana than Yii.  I think I'll try the Kohana Bridge very soon.

Thank you for answering.