$sanitizer provides sanitization functions for dealing with user input
The $sanitizer variable is provided to every template. Sanitizer provides these functions to fill the most common data sanitization needs with sites developed in ProcessWire. Always sanitize/filter any data you get from $input->get, $input->post, $input->cookie (and PHP's $_GET, $_POST, $_COOKIE if you use them).
| Function | Description |
|---|---|
| $sanitizer->email($value) | Sanitizes a value for an email address, then filters it. If not valid after sanitization, this function returns a blank string. |
| $sanitizer->fieldName($value) | Sanitizes a value for a Field name. Same as the name() filter, except that it doesn't allow dashes. |
| $sanitizer->name($value) | Sanitizes a value for a ProcessWire name, meaning all characters except for these ASCII characters: "a-zA-Z0-9_." (not including the quotes) are removed. It also truncates the length to 128 characters. |
| $sanitizer->pageName($value) | Sanitizes a value for a URL friendly Page name. Same as the name() filter, except that it converts uppercase to lowercase, and it attempts UTF-8 to ASCII conversion. |
| $sanitizer->pageName($value, true) | Sanitizes a value for a URL friendly Page name and cleans out leading or trailing dashes, and converts double dashes to single dashes. Use this if you are passing in a headline to convert to a page name (for example). |
| $sanitizer->selectorField($value) | Sanitizes a field name as used in a selector value. This function is only necessary if you are dealing with user submitted field names. This is rarely the case in the author's experience, but provided here for consistency with selectorValue(). |
| $sanitizer->selectorValue($value) | Sanitizes a string that needs to appear in a selector value. Replaces disallowed characters with spaces. If value is not already quoted, it will add quotes if it determines they are necessary (like if it contains commas). It limits the length to 100 characters (multibyte safe). |
| $sanitizer->text($value) | Sanitize a single line of input text. Removes tags, removes newline characters, and truncates length to 1024 characters. This is multibyte safe if your PHP has multibyte support. |
| $sanitizer->text($value, $options) | Same as the above, except you may provide an $options array to change the behavior. You may specify one or more options in the $options array. See the reference of $options later in this page. |
| $sanitizer->textarea($value) | Same as the text() function above, except that multiple lines are allowed and maxLength is 16k. |
| $sanitizer->textarea($value, $options) | Same as textarea() except that you may modify the options documented later in this page, noting that multiLine is already true, and maxLength is already 16384. |
| $sanitizer->url($value) | Filters a URL value. Returns a valid URL or blank if it can't be made valid. If URL contains a domain and is valid but missing a protocol (like http://) it will add it. It won't add a protocol to local/relative URLs. |
$options that may be provided to the text() and textarea() functions
The values given here are the defaults used when an option is omitted from the text() function.
```php
$options = array(
    // set to true to allow multiple lines of copy
    'multiLine' => false,
    // maximum allowed characters for multibyte strings
    'maxLength' => 255,
    // maximum number of bytes allowed in the string (multibyte safe)
    'maxBytes' => 1024,
    // markup tags that are allowed. Example: "<strong><em>"
    'allowableTags' => '',
    // character set of $value provided
    'inCharset' => 'UTF-8',
    // character set to convert to (if different from inCharset)
    'outCharset' => 'UTF-8'
);
```
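The functions above applied to a search query and a contact form in a template file, as an added example that is not part of the ProcessWire documentation. The request keys (q, submit, email, message) and the title and body fields are assumptions.

```php
<?php
// Added example for a ProcessWire template file. Assumed names: request keys
// q, submit, email, message; page fields title and body.

// Search term: single line, tags removed, capped at 100 characters.
$q = $sanitizer->text($input->get->q, array('maxLength' => 100));
$results = null;
if (strlen($q)) {
    // selectorValue() replaces disallowed characters and quotes the value
    // when needed (such as when it contains commas), so the user's text
    // stays a single value inside the selector string.
    $term = $sanitizer->selectorValue($q);
    if (strlen($term)) $results = $pages->find("title|body%=$term, limit=20");
}

// Contact form: one sanitizer per field type.
$errors = array();
if ($input->post->submit) {
    // email() returns a blank string when the value is not a valid address.
    $email = $sanitizer->email($input->post->email);
    if (!strlen($email)) $errors[] = 'Please enter a valid email address.';

    // textarea() keeps line breaks; maxLength is lowered from its 16384 default.
    $message = $sanitizer->textarea($input->post->message, array('maxLength' => 2000));
    if (!strlen($message)) $errors[] = 'Please enter a message.';
}

// text() removes tags but does not entity-encode, so encode on output.
$enc = function ($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); };

foreach ($errors as $error) echo '<p class="error">' . $enc($error) . '</p>';
if ($results && count($results)) {
    echo '<h2>Results for "' . $enc($q) . '"</h2><ul>';
    foreach ($results as $item) {
        echo '<li><a href="' . $enc($item->url) . '">' . $enc($item->title) . '</a></li>';
    }
    echo '</ul>';
}
```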