Sanitizing input

I have been using Yii for more than 10 years, since Yii 1.0, but never thought of sanitizing input until I learned WordPress, where it is recommended to sanitize the input coming from a form.

At the moment, I only do validation like trim, string, required, number, etc. Is it enough to do the sanitization?

I heard about HtmlPurifier a couple of years ago, but I remember someone said that it was slow.

Should I do some strip_tags, htmlentities? I am only handling basic data, not HTML data.

Any enlightenment on how we should handle the incoming input from the form?

This was discussed here: How Do I Sanitize User Input With Yii 2.0? - #4 by samdark, and here: How does Yii handle data sanitization? - #12 by methods

Hi @emuthomi, thank you for your response. What I understand is that I should use HtmlPurifier when sanitizing HTML content.

May I conclude that when sanitizing input, if the content is non-HTML, like name, address, city, etc., I do not need to apply strip_tags/HtmlPurifier, and only need to use prepared statements/ActiveRecord to protect from SQL injection?

While in the case where I accept HTML input, I need to use HtmlPurifier?

Correct. Also pass your input data through validations before saving.
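An added illustration of the approach agreed on above, written for this page rather than posted by any participant in the thread. It assumes Yii 2 and a `post` table with columns `title`, `author_name`, `city` and `body` (the table and column names are assumptions); plain-text fields get validation rules and output encoding, the HTML field goes through HtmlPurifier, and ActiveRecord binds parameters for both the insert and the query.

```php
<?php
// Added example of the thread's recommendation (not code from any poster).
// Assumes a Yii 2 application with a `post` table: title, author_name, city, body.
use yii\db\ActiveRecord;
use yii\helpers\Html;
use yii\helpers\HtmlPurifier;

class Post extends ActiveRecord
{
    public static function tableName()
    {
        return '{{%post}}';
    }

    public function rules()
    {
        return [
            // Plain-text fields: trim, require, cap length. No strip_tags needed;
            // the value is stored as typed and encoded when it is rendered.
            [['title', 'author_name', 'city'], 'filter', 'filter' => 'trim'],
            [['title', 'author_name'], 'required'],
            [['title', 'author_name', 'city'], 'string', 'max' => 255],
            // HTML field: HtmlPurifier drops scripts, event handlers and other
            // unsafe markup and keeps the allowed tags, so it can be echoed as HTML.
            ['body', 'filter', 'filter' => function ($value) {
                return HtmlPurifier::process($value);
            }],
        ];
    }
}

// load() assigns only attributes covered by rules(); save() validates first,
// then issues the INSERT with bound parameters, so a quote inside author_name
// cannot change the SQL.
$post = new Post();
if ($post->load(\Yii::$app->request->post()) && $post->save()) {
    // Hash-format where() is parameterized as well; no manual escaping needed.
    $sameCity = Post::find()->where(['city' => $post->city])->all();

    // Plain fields are HTML-encoded at output time; the purified body is not.
    echo Html::encode($post->author_name);
    echo $post->body;
}
```

The validation step is what rejects over-long or missing values; the parameter binding is what prevents SQL injection, and the two are independent of each other.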