What does it mean to "sanitize" data?

I'm making a form, and I'm performing the validation part...

I see the term sanitize or sanitizar a lot, what does that mean?

I have even seen some functions in php that take this term in their parameters.

Author: Maniero, 2017-02-23

2 answers

Delete snippets of text in a data entry that have the characteristics of metadata and therefore may cause some security issue.

For example: in HTML the & characters are part of the markup; if a data string contains these characters, it will cause problems because the browser will interpret them as HTML. When sending to the browser, these characters must be rewritten as & respectively. (Incidentally, I had to do this here while writing my answer, otherwise the substitute symbols would not appear correctly!)

It is very common to have to remove certain HTML code, and especially JavaScript, from what can be published on some page of the system, since such a script can compromise the user experience, modify information or even make it easier to infect it.

Or you can clean data that will serve as the name of a directory or file, so that it does not access what it should not.

Another cleaning that can be useful is to eliminate snippets of SQL that can be injected into the query and wreak havoc. In SQL, single and double quotes delimit strings, so data with these characters without sanitization can disrupt SQL commands. In general there are better techniques to prevent this from happening.

It is possible to make some specific sanitizations, only allowing certain well-formed data to be accepted, an e-mail for example, or only numbers, etc. There is a page with some of these filters possible in PHP, and a page with information on the subject.

 18
Author: Maniero, 2020-05-04 16:59:54
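As an added example (not code from the answer above), here are the cases it mentions done with standard PHP functions: HTML escaping, file-name cleanup, `filter_var` validation and, for SQL, a prepared statement instead of escaping. The `users` table, the rows and the inputs are constructed test data, and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Added example, not from the original answer. The test data below is constructed.

// 1. HTML: escape markup characters so the browser shows them as text, not tags.
function escapeForHtml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 2. File names: drop any directory part, then keep only a safe character set.
function sanitizeFileName(string $name): string {
    $base = basename($name);                          // removes "../dir/" prefixes
    $base = preg_replace('/[^A-Za-z0-9._-]/', '_', $base);
    return ltrim($base, '.') ?: 'unnamed';            // no hidden or empty names
}

// 3. Specific filters: accept only well-formed e-mail addresses / integers.
function validateEmail(string $s) { return filter_var($s, FILTER_VALIDATE_EMAIL); }
function validateInt(string $s)   { return filter_var($s, FILTER_VALIDATE_INT); }

// 4. SQL: the "better technique" is a parameterized query; the quote in the
//    input stays plain data and never becomes part of the SQL command.
function findUser(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database (assumes pdo_sqlite is installed).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

$input = "<b>alice</b> & co' OR '1'='1";             // constructed user input

echo escapeForHtml($input), "\n";
echo sanitizeFileName('../../etc/passwd'), "\n";
var_dump(validateEmail('user@example.com'));
var_dump(validateEmail('not an email'));
var_dump(validateInt('42'));
var_dump(findUser($db, $input));                     // no rows: the quote is only data
var_dump(findUser($db, 'alice'));
```

Escaping with `htmlspecialchars` belongs at output time (when the value is sent to the browser), while validation with `filter_var` belongs at input time, before the value is stored.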

From W3Schools:

Sanitize data = remove any illegal characters from the data.

Self-explanatory: it serves to normalize the data so you can work with it later.

 2
Author: Bonifacio, 2017-02-24 00:04:17