How to use Sanitize()?

Hi all,

How to use sanitize() and where to use this?
Is there is any example to use this?

View Replies: View Best Answer
cjramki replied on at Permalink Reply
adajad replied on at Permalink Best Answer Reply
There are several places where sanitation is done, but I presume you mean in text. Text sanitation is done as to (among other things) prevent input of html/scripts to the database, which when run can be a security risk.

This is the function from the text helper:
function sanitize($string, $maxlength = 0, $allowed = '') { 
    $text = trim(strip_tags($string, $allowed));
    if ($maxlength > 0) {
        if (function_exists('mb_substr')) {
            $text = mb_substr($text, 0, $maxlength, APP_CHARSET);
        } else {
            $text = substr($text, 0, $maxlength);
    if ($text == null) {
        return ""; // we need to explicitly return a string otherwise some DB functions might insert this as a ZERO.
    return $text;

So you pass the string and optionally length and allowed tags. The function will return a string without html or php tags (except the ones you have allowed).

More information on strip_tags() can be found here:
cjramki replied on at Permalink Reply
Thanks @adajad... I got it...