I have been using Yii for more than 10 years, since Yii 1.0, but I never thought of doing any input sanitizing until I learned WordPress, where I was recommended to sanitize the input coming from a form.
At the moment, I only do validation like trim, string, required, number, etc. Is that enough for sanitization?
I heard about HtmlPurifier a couple of years ago, but I remember someone said that it was slow.
Should I do some strip_tags / htmlentities? I am only handling basic data, not HTML data.
Any enlightenment on what we should do with the incoming input from the form?
Hi @emuthomi, thank you for your response. What I understand is that I should use HtmlPurifier when sanitizing HTML content.
May I conclude that when sanitizing input, if the content is non-HTML, like name, address, city, etc., I do not need to apply strip_tags/HtmlPurifier, and only need to use prepared statements/ActiveRecord to protect from SQL injection?
While in the case where I accept HTML input, I need to use HtmlPurifier?
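The split the thread arrives at (validate every field; rely on parameter binding for the database; encode plain-text fields when they are rendered; run only genuinely HTML fields through HtmlPurifier) shown end to end in plain PHP. This is an added example, not code from the thread or from the Yii project: it uses PDO over an in-memory SQLite database so it runs offline, and `users`, `name`, `city` and the two form submissions are constructed for the demonstration. It assumes the `pdo_sqlite` extension is enabled. Yii's ActiveRecord and `Html::encode()` do the same binding and encoding under the hood.

```php
<?php
// Added example (not from the forum thread). Plain PHP with PDO over an
// in-memory SQLite database, so it runs offline; Yii's ActiveRecord uses
// the same parameter binding under the hood. Assumes pdo_sqlite is enabled.

declare(strict_types=1);

// Constructed form input: a legitimate name with an apostrophe, plus a
// hostile pair. All four values pass a "trim, required, string" rule set.
$submissions = [
    ['name' => "O'Brien", 'city' => 'Dublin'],
    ['name' => '<script>alert(1)</script>', 'city' => "x'); DROP TABLE users; --"],
];

// Step 1: validation. Mirrors a Yii rules() set: trim, required, string with a
// length limit. Validation rejects malformed input; it does not "clean" it, and
// a name containing < or ' is still a valid name.
function validate(array $input): array
{
    $errors = [];
    foreach (['name', 'city'] as $field) {
        $value = trim((string)($input[$field] ?? ''));
        if ($value === '') {
            $errors[$field] = 'required';
        } elseif (mb_strlen($value) > 100) {
            $errors[$field] = 'too long';
        }
        $input[$field] = $value;
    }
    return [$input, $errors];
}

// Step 2: storage. Parameter binding keeps the data out of the SQL grammar, so
// the apostrophe and the "DROP TABLE" text are stored verbatim and harmlessly.
// No strip_tags or htmlentities before storage: the raw value is what we want.
function store(PDO $db, array $row): void
{
    $stmt = $db->prepare('INSERT INTO users (name, city) VALUES (:name, :city)');
    $stmt->execute([':name' => $row['name'], ':city' => $row['city']]);
}

// Step 3: output. Encode for the context the value is rendered into. This is
// what yii\helpers\Html::encode() does for HTML text and attribute values.
// The <script> tag comes out as literal text, never as markup.
function renderRow(array $row): string
{
    $enc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return sprintf('<li data-city="%s">%s</li>', $enc($row['city']), $enc($row['name']));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, city TEXT NOT NULL)');

foreach ($submissions as $input) {
    [$clean, $errors] = validate($input);
    if ($errors) {
        echo 'rejected: ' . json_encode($errors) . "\n";
        continue;
    }
    store($db, $clean);
}

// The table still exists and both rows are intact, "DROP TABLE" text included;
// the second row renders as harmless escaped text.
foreach ($db->query('SELECT name, city FROM users ORDER BY id') as $row) {
    echo renderRow($row) . "\n";
}
```

Two caveats that follow from the thread's questions. Encoding with htmlentities at input time (before storage) is the wrong layer: it breaks non-HTML consumers of the same data (JSON APIs, emails, CSV exports) and leads to double-encoded `&amp;amp;` when the value is later encoded again on output; encode where you render. And strip_tags is not an HTML sanitizer: with an allow-list of tags it leaves their attributes untouched, so an `onclick` on an allowed `<a>` survives, which is precisely the job HtmlPurifier (in Yii, `yii\helpers\HtmlPurifier::process($html)`) exists to do. Reserve it for fields that must hold HTML, where the output encoding above would destroy the markup; for plain fields like name, address and city, validation plus binding plus output encoding is enough, and HtmlPurifier's cost never comes into play.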