April 21, 2013
Proper Form Input Sanitation
Undermine2k’s Questions:
I have form fields I’m gathering from my form using
var dataString = $("form").serialize();
I am then sending this over to my controller as dataType “html”
The var_dump for my dataString looks like this (so far, but it will contain email address, select options, etc)
array(3) {
  ["username"]=>
  string(5) "mikey"
  ["firstname"]=>
  string(4) "tes%"
  ["lastname"]=>
  string(6) "tester"
}
My question is as follows: What is the proper method of form sanitation I should be using before I send data to my model? I know I need to strip special characters and the like; is there some prepackaged class I should be using?
Do I need to break my data up like
$username = trim(Array[0]) ;
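
An added example, not part of the original question: server-side, per-field allow-list validation of the three fields shown in the var_dump, rejecting a bad value such as "tes%" instead of silently stripping characters from it. The function name validate_profile_form, the character sets and the length limits are assumptions chosen for illustration.

```php
<?php
// Added example (not the poster's code). Function name and rules are assumed.

/**
 * Validate the submitted form array on the server.
 * Returns [clean values, errors]; invalid input is rejected, not rewritten.
 */
function validate_profile_form(array $input): array
{
    // Assumed rules: adjust lengths and character sets to the application.
    $rules = [
        'username'  => '/\A[A-Za-z0-9_]{3,32}\z/',
        'firstname' => '/\A[\p{L}][\p{L}\p{M}\' -]{0,63}\z/u',
        'lastname'  => '/\A[\p{L}][\p{L}\p{M}\' -]{0,63}\z/u',
    ];

    $clean = [];
    $errors = [];
    foreach ($rules as $field => $pattern) {
        $value = $input[$field] ?? null;
        // A field submitted as username[]=x arrives as an array, not a string.
        if (!is_string($value)) {
            $errors[$field] = 'missing or not a string';
            continue;
        }
        $value = trim($value);
        // preg_match returns false on invalid UTF-8 under /u, which also fails here.
        if (preg_match($pattern, $value) !== 1) {
            $errors[$field] = 'invalid characters or length';
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Constructed sample input matching the var_dump in the question.
$post = ['username' => 'mikey', 'firstname' => 'tes%', 'lastname' => 'tester'];
[$clean, $errors] = validate_profile_form($post);
var_dump($clean, $errors);

// Validation does not replace context-specific handling later on:
// bind values as query parameters in the model, and encode on output.
echo htmlspecialchars($clean['username'], ENT_QUOTES, 'UTF-8'), "\n";
```

Only the values in $clean should be passed on to the model; a non-empty $errors array is the signal to return the form to the user.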