{"id":2527,"date":"2021-09-04T09:56:09","date_gmt":"2021-09-04T09:56:09","guid":{"rendered":"https:\/\/phptutorial.net\/?page_id=2527"},"modified":"2025-04-08T04:30:36","modified_gmt":"2025-04-08T04:30:36","slug":"php-sanitize-input","status":"publish","type":"page","link":"https:\/\/www.phptutorial.net\/php-tutorial\/php-sanitize-input\/","title":{"rendered":"PHP Sanitize Input"},"content":{"rendered":"\n<p><strong>Summary<\/strong>: in this tutorial, you&#8217;ll learn to develop a reusable PHP <code>sanitize()<\/code> function to sanitize inputs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id='introduction-to-sanitizing-input'>Introduction to sanitizing input <a href=\"#introduction-to-sanitizing-input\" class=\"anchor\" id=\"introduction-to-sanitizing-input\" title=\"Anchor for Introduction to sanitizing input\">#<\/a><\/h2>\n\n\n\n<p>Before processing data from untrusted sources such as HTTP <code>post<\/code> or <code>get<\/code> requests, you should always sanitize it first.<\/p>\n\n\n\n<p>Sanitizing input means removing illegal characters by deleting, replacing, encoding, or escaping them.<\/p>\n\n\n\n<p>PHP provides a list of <a href=\"https:\/\/www.php.net\/manual\/en\/filter.filters.sanitize.php\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">sanitizing filters<\/a> that you can use to sanitize input effectively. 
The following functions use these filters to sanitize the input:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/phptutorial.net\/php-tutorial\/php-filter_input\/\">filter_input()<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/phptutorial.net\/php-tutorial\/php-filter_var\/\">filter_var()<\/a><\/li>\n\n\n\n<li>filter_input_array()<\/li>\n\n\n\n<li>filter_var_array()<\/li>\n<\/ul>\n\n\n\n<p>In this tutorial, we&#8217;ll create a reusable <code>sanitize()<\/code> function that sanitizes the inputs in a more expressive way.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id='define-the-sanitize-function'>Define the sanitize() function <a href=\"#define-the-sanitize-function\" class=\"anchor\" id=\"define-the-sanitize-function\" title=\"Anchor for Define the sanitize() function\">#<\/a><\/h2>\n\n\n\n<p>Suppose you have the following fields in the <code>$_POST<\/code> variable and want to sanitize them:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>name<\/li>\n\n\n\n<li>email<\/li>\n\n\n\n<li>age<\/li>\n\n\n\n<li>weight<\/li>\n\n\n\n<li>homepage<\/li>\n<\/ul>\n\n\n\n<p>To do that, you can define a <code>sanitize()<\/code> function and call it as follows:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">$data = sanitize($_POST, $fields);<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The <code>sanitize()<\/code> function should look like this:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span 
class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span class=\"hljs-title\">sanitize<\/span><span class=\"hljs-params\">(array $inputs, array $fields)<\/span> : <span class=\"hljs-title\">array<\/span><\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The function has two parameters:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The <code>$inputs<\/code> parameter is an associative array. It can be <code>$_POST<\/code>, <code>$_GET<\/code>, or a regular associative array.<\/li>\n\n\n\n<li>The <code>$fields<\/code> parameter is an array that specifies a list of fields with rules.<\/li>\n<\/ul>\n\n\n\n<p>The <code>sanitize()<\/code> function returns an array that contains the sanitized data.<\/p>\n\n\n\n<p>The <code>$fields<\/code> parameter should be an associative array in which each key is a field name and each value is the rule for that field. 
For example:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">$fields = &#91;\n    <span class=\"hljs-string\">'name'<\/span> =&gt; <span class=\"hljs-string\">'string'<\/span>,\n    <span class=\"hljs-string\">'email'<\/span> =&gt; <span class=\"hljs-string\">'email'<\/span>,\n    <span class=\"hljs-string\">'age'<\/span> =&gt; <span class=\"hljs-string\">'int'<\/span>,\n    <span class=\"hljs-string\">'weight'<\/span> =&gt; <span class=\"hljs-string\">'float'<\/span>,\n    <span class=\"hljs-string\">'github'<\/span> =&gt; <span class=\"hljs-string\">'url'<\/span>,\n    <span class=\"hljs-string\">'hobbies'<\/span> =&gt; <span class=\"hljs-string\">'string&#91;]'<\/span>\n];<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Note that the <code>string[]<\/code> means an array of strings.<\/p>\n\n\n\n<p>To sanitize these fields:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First, iterate over the <code>$fields<\/code> and use the corresponding filter for each. 
For example, if the rule is <code>string<\/code>, the filter will be <code>FILTER_SANITIZE_FULL_SPECIAL_CHARS<\/code>.<\/li>\n\n\n\n<li>Second, sanitize the field using the filter.<\/li>\n<\/ul>\n\n\n\n<p>To get a filter based on the rule of a field, you can define a mapping from the rules to the filters like this:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-keyword\">const<\/span> FILTERS = &#91;\n    <span class=\"hljs-string\">'string'<\/span> =&gt; FILTER_SANITIZE_FULL_SPECIAL_CHARS,\n    <span class=\"hljs-string\">'string&#91;]'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_FULL_SPECIAL_CHARS,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_REQUIRE_ARRAY\n    ],\n    <span class=\"hljs-string\">'email'<\/span> =&gt; FILTER_SANITIZE_EMAIL,\n    <span class=\"hljs-string\">'int'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_NUMBER_INT,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_REQUIRE_SCALAR\n    ],\n    <span class=\"hljs-string\">'int&#91;]'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_NUMBER_INT,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_REQUIRE_ARRAY\n    ],\n    <span class=\"hljs-string\">'float'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_NUMBER_FLOAT,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_FLAG_ALLOW_FRACTION\n    ],\n    <span class=\"hljs-string\">'float&#91;]'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_NUMBER_FLOAT,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_FLAG_ALLOW_FRACTION | FILTER_REQUIRE_ARRAY\n    ],\n    <span class=\"hljs-string\">'url'<\/span> =&gt; 
FILTER_SANITIZE_URL,\n];<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>For example, the following returns the filter of the <code>string<\/code> rule:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">FILTERS&#91;<span class=\"hljs-string\">'string'<\/span>]<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>To sanitize multiple fields at a time, you can use the <code>filter_var_array()<\/code> function:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-6\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">filter_var_array($inputs, $options)<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-6\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The first parameter of the <code>filter_var_array()<\/code> function is an array of variables to filter. And the second parameter is an array of filters. 
For example, it should look like this:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-7\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">$options = &#91;\n    <span class=\"hljs-string\">'name'<\/span> =&gt; FILTER_SANITIZE_FULL_SPECIAL_CHARS,\n    <span class=\"hljs-string\">'email'<\/span> =&gt; FILTER_SANITIZE_EMAIL,\n    <span class=\"hljs-string\">'age'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_NUMBER_INT,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_REQUIRE_SCALAR\n    ],\n    <span class=\"hljs-string\">'weight'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_NUMBER_FLOAT,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_FLAG_ALLOW_FRACTION\n    ],\n    <span class=\"hljs-string\">'github'<\/span> =&gt; FILTER_SANITIZE_URL,\n];<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-7\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>So you need to build this <code>$options<\/code> array from the <code>$fields<\/code> and <code>FILTERS<\/code> arrays. 
To do that, you can use the <code>array_map()<\/code> function like this:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-8\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"> $options = array_map(fn($field) =&gt; FILTERS&#91;$field], $fields);<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-8\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The following shows the <code>sanitize()<\/code> function:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-9\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span class=\"hljs-title\">sanitize<\/span><span class=\"hljs-params\">(array $inputs, array $fields)<\/span>: <span class=\"hljs-title\">array<\/span>\n<\/span>{\n    $options = array_map(fn($field) =&gt; FILTERS&#91;$field], $fields);\n    <span class=\"hljs-keyword\">return<\/span> filter_var_array($inputs, $options);\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-9\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h2 class=\"wp-block-heading\" id='make-the-sanitize-function-more-flexible'>Make the sanitize() function more flexible <a href=\"#make-the-sanitize-function-more-flexible\" class=\"anchor\" id=\"make-the-sanitize-function-more-flexible\" title=\"Anchor for Make the sanitize() function more flexible\">#<\/a><\/h2>\n\n\n\n<p>The <code>sanitize()<\/code> 
function uses the <code>FILTERS<\/code> constant. To make it more flexible, you can add a parameter and set its default value to the <code>FILTERS<\/code> constant like this:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-10\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span class=\"hljs-title\">sanitize<\/span><span class=\"hljs-params\">(array $inputs, array $fields, array $filters = FILTERS)<\/span>: <span class=\"hljs-title\">array<\/span>\n<\/span>{\n    $options = array_map(fn($field) =&gt; $filters&#91;$field], $fields);\n    <span class=\"hljs-keyword\">return<\/span> filter_var_array($inputs, $options);\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-10\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Also, you may want to sanitize all the fields in the <code>$inputs<\/code> using one filter, e.g., <code>FILTER_SANITIZE_FULL_SPECIAL_CHARS<\/code>.<\/p>\n\n\n\n<p>To do that, you can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First, make the <code>$fields<\/code> parameter optional and set its default value to an empty array <code>[]<\/code>.<\/li>\n\n\n\n<li>Second, add a default filter parameter.<\/li>\n\n\n\n<li>Third, if the <code>$fields<\/code> array is empty, use the default filter.<\/li>\n<\/ul>\n\n\n\n<p>The <code>sanitize()<\/code> function will look like the following:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-11\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span 
class=\"hljs-title\">sanitize<\/span><span class=\"hljs-params\">(array $inputs, array $fields = &#91;], int $default_filter = FILTER_SANITIZE_FULL_SPECIAL_CHARS, array $filters = FILTERS)<\/span>: <span class=\"hljs-title\">array<\/span>\n<\/span>{\n    <span class=\"hljs-keyword\">if<\/span> ($fields) {\n        $options = array_map(fn($field) =&gt; $filters&#91;$field], $fields);\n        <span class=\"hljs-keyword\">return<\/span> filter_var_array($inputs, $options);\n    }\n\n    <span class=\"hljs-keyword\">return<\/span> filter_var_array($inputs, $default_filter);\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-11\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h2 class=\"wp-block-heading\" id='remove-whitespaces-of-strings'>Remove whitespaces of strings <a href=\"#remove-whitespaces-of-strings\" class=\"anchor\" id=\"remove-whitespaces-of-strings\" title=\"Anchor for Remove whitespaces of strings\">#<\/a><\/h2>\n\n\n\n<p>To remove whitespace from both ends of a string, you use the <code>trim()<\/code> function. 
And to trim every string in an array of strings, you use the <code>array_map()<\/code> function with the <code>trim()<\/code> function:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-12\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">$trimmed_data = array_map(<span class=\"hljs-string\">'trim'<\/span>, $inputs);<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-12\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>However, the <code>$inputs<\/code> may contain items that are not strings. To trim only the string items, you can use the <code>is_string()<\/code> function to check if an item is a string before trimming it:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-13\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">$trimmed_data = array_map(<span class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span class=\"hljs-params\">($item)<\/span> <\/span>{\n    <span class=\"hljs-keyword\">if<\/span> (is_string($item)) {\n        <span class=\"hljs-keyword\">return<\/span> trim($item);\n    }\n    <span class=\"hljs-keyword\">return<\/span> $item;\n}, $inputs);<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-13\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The <code>$inputs<\/code> may contain an item that is an array of strings. 
For example:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-14\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">$inputs = &#91;\n    ...\n    <span class=\"hljs-string\">'hobbies'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">' Reading'<\/span>,\n        <span class=\"hljs-string\">'Running '<\/span>,\n        <span class=\"hljs-string\">' Programming '<\/span>\n    ]\n]<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-14\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>To trim the strings in the <code>hobbies<\/code> item, you need to use a recursive function:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-15\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span class=\"hljs-title\">array_trim<\/span><span class=\"hljs-params\">(array $items)<\/span>: <span class=\"hljs-title\">array<\/span>\n<\/span>{\n    <span class=\"hljs-keyword\">return<\/span> array_map(<span class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span class=\"hljs-params\">($item)<\/span> <\/span>{\n        <span class=\"hljs-keyword\">if<\/span> (is_string($item)) {\n            <span class=\"hljs-keyword\">return<\/span> trim($item);\n        } <span class=\"hljs-keyword\">elseif<\/span> (is_array($item)) {\n            <span class=\"hljs-keyword\">return<\/span> array_trim($item);\n        } <span class=\"hljs-keyword\">else<\/span>\n            <span class=\"hljs-keyword\">return<\/span> $item;\n    }, $items);\n}<\/code><\/span><small class=\"shcb-language\" 
id=\"shcb-language-15\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h2 class=\"wp-block-heading\" id='call-array_trim-from-the-sanitize-function'>Call array_trim() from the sanitize() function <a href=\"#call-array_trim-from-the-sanitize-function\" class=\"anchor\" id=\"call-array_trim-from-the-sanitize-function\" title=\"Anchor for Call array_trim() from the sanitize() function\">#<\/a><\/h2>\n\n\n\n<p>To call the <code>array_trim()<\/code> function from the <code>sanitize()<\/code> function:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First, add a new parameter called <code>$trim<\/code> to the <code>sanitize()<\/code> function and set its default value to <code>true<\/code>.<\/li>\n\n\n\n<li>Second, call the <code>array_trim()<\/code> function if the <code>$trim<\/code> parameter is <code>true<\/code>.<\/li>\n<\/ul>\n\n\n\n<p>The following shows the updated <code>sanitize()<\/code> function:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-16\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span class=\"hljs-title\">sanitize<\/span><span class=\"hljs-params\">(array $inputs, array $fields = &#91;], int $default_filter = FILTER_SANITIZE_FULL_SPECIAL_CHARS, array $filters = FILTERS, bool $trim = true)<\/span>: <span class=\"hljs-title\">array<\/span>\n<\/span>{\n    <span class=\"hljs-keyword\">if<\/span> ($fields) {\n        $options = array_map(fn($field) =&gt; $filters&#91;$field], $fields);\n        $data = filter_var_array($inputs, $options);\n    } <span class=\"hljs-keyword\">else<\/span> {\n        $data = filter_var_array($inputs, $default_filter);\n    }\n\n    <span class=\"hljs-keyword\">return<\/span> $trim ? 
array_trim($data) : $data;\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-16\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h2 class=\"wp-block-heading\" id='put-it-all-together'>Put it all together <a href=\"#put-it-all-together\" class=\"anchor\" id=\"put-it-all-together\" title=\"Anchor for Put it all together\">#<\/a><\/h2>\n\n\n\n<p>The following shows the complete <code>sanitization.php<\/code> file with the <code>FILTERS<\/code> constant and the <code>array_trim()<\/code> and <code>sanitize()<\/code> functions:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-17\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\n\n<span class=\"hljs-keyword\">const<\/span> FILTERS = &#91;\n    <span class=\"hljs-string\">'string'<\/span> =&gt; FILTER_SANITIZE_FULL_SPECIAL_CHARS,\n    <span class=\"hljs-string\">'string&#91;]'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_FULL_SPECIAL_CHARS,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_REQUIRE_ARRAY\n    ],\n    <span class=\"hljs-string\">'email'<\/span> =&gt; FILTER_SANITIZE_EMAIL,\n    <span class=\"hljs-string\">'int'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_NUMBER_INT,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_REQUIRE_SCALAR\n    ],\n    <span class=\"hljs-string\">'int&#91;]'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_NUMBER_INT,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_REQUIRE_ARRAY\n    ],\n    <span class=\"hljs-string\">'float'<\/span> =&gt; &#91;\n  
      <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_NUMBER_FLOAT,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_FLAG_ALLOW_FRACTION\n    ],\n    <span class=\"hljs-string\">'float&#91;]'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">'filter'<\/span> =&gt; FILTER_SANITIZE_NUMBER_FLOAT,\n        <span class=\"hljs-string\">'flags'<\/span> =&gt; FILTER_FLAG_ALLOW_FRACTION | FILTER_REQUIRE_ARRAY\n    ],\n    <span class=\"hljs-string\">'url'<\/span> =&gt; FILTER_SANITIZE_URL,\n];\n\n<span class=\"hljs-comment\">\/**\n* Recursively trim strings in an array\n* <span class=\"hljs-doctag\">@param<\/span> array $items\n* <span class=\"hljs-doctag\">@return<\/span> array\n*\/<\/span>\n<span class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span class=\"hljs-title\">array_trim<\/span><span class=\"hljs-params\">(array $items)<\/span>: <span class=\"hljs-title\">array<\/span>\n<\/span>{\n    <span class=\"hljs-keyword\">return<\/span> array_map(<span class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span class=\"hljs-params\">($item)<\/span> <\/span>{\n        <span class=\"hljs-keyword\">if<\/span> (is_string($item)) {\n            <span class=\"hljs-keyword\">return<\/span> trim($item);\n        } <span class=\"hljs-keyword\">elseif<\/span> (is_array($item)) {\n            <span class=\"hljs-keyword\">return<\/span> array_trim($item);\n        } <span class=\"hljs-keyword\">else<\/span>\n            <span class=\"hljs-keyword\">return<\/span> $item;\n    }, $items);\n}\n\n<span class=\"hljs-comment\">\/**\n* Sanitize the inputs based on the rules and optionally trim the strings\n* <span class=\"hljs-doctag\">@param<\/span> array $inputs\n* <span class=\"hljs-doctag\">@param<\/span> array $fields\n* <span class=\"hljs-doctag\">@param<\/span> int $default_filter FILTER_SANITIZE_FULL_SPECIAL_CHARS\n* <span class=\"hljs-doctag\">@param<\/span> array $filters FILTERS\n* <span class=\"hljs-doctag\">@param<\/span> bool 
$trim\n* <span class=\"hljs-doctag\">@return<\/span> array\n*\/<\/span>\n<span class=\"hljs-function\"><span class=\"hljs-keyword\">function<\/span> <span class=\"hljs-title\">sanitize<\/span><span class=\"hljs-params\">(array $inputs, array $fields = &#91;], int $default_filter = FILTER_SANITIZE_FULL_SPECIAL_CHARS, array $filters = FILTERS, bool $trim = true)<\/span>: <span class=\"hljs-title\">array<\/span>\n<\/span>{\n    <span class=\"hljs-keyword\">if<\/span> ($fields) {\n        $options = array_map(fn($field) =&gt; $filters&#91;$field], $fields);\n        $data = filter_var_array($inputs, $options);\n    } <span class=\"hljs-keyword\">else<\/span> {\n        $data = filter_var_array($inputs, $default_filter);\n    }\n\n    <span class=\"hljs-keyword\">return<\/span> $trim ? array_trim($data) : $data;\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-17\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h2 class=\"wp-block-heading\" id='use-the-sanitize-function'>Use the sanitize() function <a href=\"#use-the-sanitize-function\" class=\"anchor\" id=\"use-the-sanitize-function\" title=\"Anchor for Use the sanitize() function\">#<\/a><\/h2>\n\n\n\n<p>The following shows how to use the <code>sanitize()<\/code> function to sanitize data in the <code>$inputs<\/code> array using the sanitization rules specified in the <code>$fields<\/code> array:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-18\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\n\n<span class=\"hljs-keyword\">require<\/span>  <span class=\"hljs-keyword\">__DIR__<\/span> . 
<span class=\"hljs-string\">'\/sanitization.php'<\/span>;\n\n$inputs = &#91;\n    <span class=\"hljs-string\">'name'<\/span> =&gt; <span class=\"hljs-string\">'joe&lt;script&gt;'<\/span>,\n    <span class=\"hljs-string\">'email'<\/span> =&gt; <span class=\"hljs-string\">'joe@example.com&lt;\/&gt;'<\/span>,\n    <span class=\"hljs-string\">'age'<\/span> =&gt; <span class=\"hljs-string\">'18abc'<\/span>,\n    <span class=\"hljs-string\">'weight'<\/span> =&gt; <span class=\"hljs-string\">'100.12lb'<\/span>,\n    <span class=\"hljs-string\">'github'<\/span> =&gt; <span class=\"hljs-string\">'https:\/\/github.com\/joe'<\/span>,\n    <span class=\"hljs-string\">'hobbies'<\/span> =&gt; &#91;\n        <span class=\"hljs-string\">' Reading'<\/span>,\n        <span class=\"hljs-string\">'Running '<\/span>,\n        <span class=\"hljs-string\">' Programming '<\/span>\n    ]\n];\n\n$fields = &#91;\n    <span class=\"hljs-string\">'name'<\/span> =&gt; <span class=\"hljs-string\">'string'<\/span>,\n    <span class=\"hljs-string\">'email'<\/span> =&gt; <span class=\"hljs-string\">'email'<\/span>,\n    <span class=\"hljs-string\">'age'<\/span> =&gt; <span class=\"hljs-string\">'int'<\/span>,\n    <span class=\"hljs-string\">'weight'<\/span> =&gt; <span class=\"hljs-string\">'float'<\/span>,\n    <span class=\"hljs-string\">'github'<\/span> =&gt; <span class=\"hljs-string\">'url'<\/span>,\n    <span class=\"hljs-string\">'hobbies'<\/span> =&gt; <span class=\"hljs-string\">'string&#91;]'<\/span>\n];\n\n$data = sanitize($inputs,$fields);\n\nvar_dump($data);<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-18\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Output:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-19\" 
data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-keyword\">array<\/span> (size=<span class=\"hljs-number\">6<\/span>)\n  <span class=\"hljs-string\">'name'<\/span> =&gt; string <span class=\"hljs-string\">'joe&amp;#60;script&amp;#62;'<\/span> (length=<span class=\"hljs-number\">19<\/span>)\n  <span class=\"hljs-string\">'email'<\/span> =&gt; string <span class=\"hljs-string\">'joe@example.com'<\/span> (length=<span class=\"hljs-number\">15<\/span>)\n  <span class=\"hljs-string\">'age'<\/span> =&gt; string <span class=\"hljs-string\">'18'<\/span> (length=<span class=\"hljs-number\">2<\/span>)\n  <span class=\"hljs-string\">'weight'<\/span> =&gt; string <span class=\"hljs-string\">'100.12'<\/span> (length=<span class=\"hljs-number\">6<\/span>)\n  <span class=\"hljs-string\">'github'<\/span> =&gt; string <span class=\"hljs-string\">'https:\/\/github.com\/joe'<\/span> (length=<span class=\"hljs-number\">22<\/span>)\n  <span class=\"hljs-string\">'hobbies'<\/span> =&gt; \n    <span class=\"hljs-keyword\">array<\/span> (size=<span class=\"hljs-number\">3<\/span>)\n      <span class=\"hljs-number\">0<\/span> =&gt; string <span class=\"hljs-string\">'Reading'<\/span> (length=<span class=\"hljs-number\">7<\/span>)\n      <span class=\"hljs-number\">1<\/span> =&gt; string <span class=\"hljs-string\">'Running'<\/span> (length=<span class=\"hljs-number\">7<\/span>)\n      <span class=\"hljs-number\">2<\/span> =&gt; string <span class=\"hljs-string\">'Programming'<\/span> (length=<span class=\"hljs-number\">11<\/span>)<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-19\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>In this tutorial, you have learned how to develop a 
reusable PHP <code>sanitize()<\/code> function from scratch.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you&#8217;ll learn to develop a reusable PHP sanitize() function to sanitize inputs.<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":15,"menu_order":98,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2527","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/2527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/comments?post=2527"}],"version-history":[{"count":2,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/2527\/revisions"}],"predecessor-version":[{"id":3298,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/2527\/revisions\/3298"}],"up":[{"embeddable":true,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/15"}],"wp:attachment":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/media?parent=2527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}