En vous promenant sur Beamreactor, nous stockons votre IP 48h pour des raisons de sécurité.
BeamReactor Workbench
BeamReactor
System:
BeamReactor 3.0
Workbench 2.1
Mem: 0.5 MB
Time: 07:10:15

Lecteur Markdown

Knowledge Base › BEAMREACTOR_SANITIZER_DOCUMENTATION

BEAMREACTOR_SANITIZER_DOCUMENTATION

PHP Sanitizer #

A modern, robust approach to handling PHP's loose typing system. The Sanitizer enforces strict data typing, prevents injection attacks, handles multibyte data properly, and protects against overflow vulnerabilities.

---

Features #

Type Enforcement - Prevents illegal data insertion

Multibyte Safe - Proper UTF-8 handling

Injection Protection - Guards against SQL, XSS, path traversal

Overflow Prevention - Blocks delimiter attacks, NaN, infinity

Static API - Clean, modern interface (since v2.0)

---

Requirements #

  • PHP 7.4+ (PHP 8.x recommended)
  • mbstring extension (for multibyte operations)

---

Installation #

use Beamreactor\Sanitizer\Parser;

The Sanitizer is auto-loaded via BeamReactor's PluginAutoloader.

---

Quick Start #

Sanitize Data #

use Beamreactor\Sanitizer\Parser;

// Sanitize user input
$cleanEmail = Parser::sanitize($_POST['email'], 'email');
$cleanAge = Parser::sanitize($_POST['age'], 'int');
$cleanName = Parser::sanitize($_POST['name'], 'string', ['maxLength' => 100]);

Validate Data #

// Check if data is valid (returns true/false)
if (Parser::check($userInput, 'uuid')) {
	// Valid UUID
} else {
	// Invalid format
}

---

Available Datatypes #

Numeric Types #

Arithmetic #

Evaluates mathematical expressions in text fields (e.g., "2+2" → 4).

$result = Parser::sanitize('10 + 5 * 2', 'arithmetic');
// Returns: 20

Int #

Integer values only.

$age = Parser::sanitize('25.7', 'int');
// Returns: 25

$negative = Parser::sanitize('-100', 'int');
// Returns: -100

Float #

Floating-point numbers.

$price = Parser::sanitize('19.99', 'float');
// Returns: 19.99

$scientific = Parser::sanitize('1.5e3', 'float');
// Returns: 1500.0

---

String Types #

String #

General text with sanitization.

$text = Parser::sanitize('<script>alert("xss")</script>', 'string');
// Returns: sanitized string (no HTML)

$limited = Parser::sanitize('Very long text...', 'string', ['maxLength' => 50]);
// Returns: truncated to 50 chars

Name #

Human names (letters, spaces, hyphens, apostrophes).

$name = Parser::sanitize("Jean-François O'Brien", 'name');
// Returns: "Jean-François O'Brien"

$invalid = Parser::sanitize("John123", 'name');
// Returns: "John" (numbers stripped)

Html #

HTML content (preserves safe tags).

$content = Parser::sanitize('<p>Hello <b>world</b></p>', 'html');
// Returns: allowed tags preserved, dangerous ones stripped

Xml #

XML-safe content.

$xml = Parser::sanitize('<tag attr="value">Text & symbols</tag>', 'xml');
// Returns: properly escaped XML

---

Network Types #

Email #

Email addresses.

$email = Parser::sanitize('  USER@EXAMPLE.COM  ', 'email');
// Returns: "user@example.com" (trimmed, lowercased)

if (Parser::check($email, 'email')) {
	// Valid email format
}

Url #

URLs and URIs.

$url = Parser::sanitize('https://example.com/path?query=value', 'url');
// Returns: validated URL

$cleaned = Parser::sanitize('javascript:alert(1)', 'url');
// Returns: false (dangerous protocol)

Ip #

IPv4 and IPv6 addresses.

$ip = Parser::sanitize('192.168.1.1', 'ip');
// Returns: "192.168.1.1"

$ipv6 = Parser::sanitize('2001:0db8::1', 'ip');
// Returns: valid IPv6

---

File System Types #

Path #

File paths (prevents directory traversal).

$path = Parser::sanitize('uploads/file.jpg', 'path');
// Returns: "uploads/file.jpg"

$malicious = Parser::sanitize('../../../etc/passwd', 'path');
// Returns: false (traversal blocked)

---

Specialized Types #

Date #

Date and datetime values.

$date = Parser::sanitize('2025-12-29', 'date');
// Returns: validated date

$datetime = Parser::sanitize('2025-12-29 14:30:00', 'date');
// Returns: valid datetime

Bool #

Boolean values.

$bool = Parser::sanitize('true', 'bool');
// Returns: true

$zero = Parser::sanitize('0', 'bool');
// Returns: false

Uuid #

Universally Unique Identifiers (v4).

$uuid = Parser::sanitize('550e8400-e29b-41d4-a716-446655440000', 'uuid');
// Returns: valid UUID

if (Parser::check($input, 'uuid')) {
	// Valid UUID format
}

Ldapuser #

LDAP usernames.

$ldap = Parser::sanitize('john.doe', 'ldapuser');
// Returns: LDAP-safe username

Phpsession #

PHP session IDs.

$session = Parser::sanitize($_COOKIE['PHPSESSID'], 'phpsession');
// Returns: validated session ID

---

Special Types #

Null #

Ensures null values.

$null = Parser::sanitize('', 'null');
// Returns: null

$nonNull = Parser::sanitize('value', 'null');
// Returns: false

Encoding #

Validates UTF-8 encoding.

$text = Parser::sanitize($input, 'encoding');
// Returns: UTF-8 validated text

Dummy #

Pass-through type (for custom validation).

$raw = Parser::sanitize($data, 'dummy');
// Returns: data as-is (no sanitization)

---

Advanced Usage #

Options Array #

Most datatypes accept an options array as the third parameter:

Parser::sanitize($input, $type, $options);

Common options:

  • `maxLength` - Maximum string length
  • `minLength` - Minimum string length
  • `allowedChars` - Whitelist of characters
  • `encoding` - Character encoding (default: UTF-8)

Examples:

// Limit string length
$username = Parser::sanitize($input, 'string', ['maxLength' => 50]);

// Minimum length enforcement
$password = Parser::sanitize($input, 'string', ['minLength' => 8]);

// Custom character whitelist
$code = Parser::sanitize($input, 'string', ['allowedChars' => 'A-Z0-9']);

Empty Array Trick #

Pass an empty array to sanitize without encoding:

// Sanitize but don't HTML-encode
$text = Parser::sanitize($message, 'string', []);

---

Security Best Practices #

Input Validation #

// ALWAYS sanitize user input
$userId = Parser::sanitize($_GET['id'], 'int');
$email = Parser::sanitize($_POST['email'], 'email');
$file = Parser::sanitize($_FILES['upload']['name'], 'path');

Database Queries #

// Use with BeamReactor SQL class
use Beamreactor\Database\SQL;

$name = Parser::sanitize($_POST['name'], 'string', ['maxLength' => 100]);
$age = Parser::sanitize($_POST['age'], 'int');

SQL::query(
	"INSERT INTO users (name, age) VALUES (?, ?)",
	[$name, $age],
	['string', 'int']
);

XSS Prevention #

// User-generated content
$comment = Parser::sanitize($_POST['comment'], 'html');

// Display safely
echo $comment; // Dangerous tags stripped

Path Traversal Protection #

// File uploads
$filename = Parser::sanitize($_FILES['file']['name'], 'path');

if ($filename) {
	move_uploaded_file($_FILES['file']['tmp_name'], 'uploads/' . $filename);
}

---

Error Handling #

Both `sanitize()` and `check()` return `false` on validation failure:

$result = Parser::sanitize($input, 'email');

if ($result === false) {
	// Invalid email format
	throw new Exception('Invalid email address');
}

Type-safe checking:

if (!Parser::check($_POST['uuid'], 'uuid')) {
	http_response_code(400);
	die('Invalid UUID format');
}

---

Migration from v1.x #

Old (instance-based):

$parser = new Sanitizer\Parser();
$clean = $parser->sanitize($data, 'string');

New (static):

use Beamreactor\Sanitizer\Parser;
$clean = Parser::sanitize($data, 'string');

---

Performance Notes #

  • Type detection is case-sensitive - Use exact casing (e.g., `Int` not `int`)
  • Multibyte operations - Properly handles UTF-8, emoji, accented characters
  • Minimal overhead - Optimized for high-throughput applications

---

Credits #

Author: Treveur Bretaudière

Organization: BeamReactor

License: Proprietary (BeamReactor CMS)

Version: 2.1.0 (Static API)

← Tous les fichiers
BeamReactor v3.0 • AmigaOS Workbench 2.1 Tribute • 2026