Questions tagged [sanitization]

Data santization is used to prevent code injection problems, by secure input and output handling, such as:

1. Input validation
2. Selective input inclusion/exclusion
3. Escaping dangerous characters. For instance, in PHP, using the htmlspecialchars() function (converts HTML tags to their ISO-8859-1 equivalents) and/or strip_tags() function (completely removes HTML tags) for safe output of text in HTML, and mysql_real_escape_string() to isolate data which will be included in an SQL request, to protect against SQL Injection.
4. Input encoding
5. Output encoding
6. Other coding practices which are not prone to code injection vulnerabilities, such as "parameterized SQL queries" (also known as "prepared statements" and sometimes "bound variables" or "bound values").
7. Modular shell disassociation from kernel