Sanitizing a Date

php sanitization input-sanitization
MagentoMan picture MagentoMan · Apr 13, 2014 · Viewed 15k times · Source

I am using a javascript date picker that allows the user to select a date. However, I would like to also sanitize the posted date data before entering into the database. I am not seeing any sanitize filter here: http://us2.php.net/manual/en/filter.filters.sanitize.php

What would be the best method to sanitize a date before entering into a database?

This would be the original value from the post:

$datepick = $_POST['date'];
// wich is 04/12/2014

Then I convert it for the database:

$date = date("Y-m-d", strtotime($datepick));

Thanks!

Answer

Paul Denisevich picture Paul Denisevich · Apr 13, 2014

If your date is like "03/02/2014" then you can simply clean your variable by regexp:

$date = preg_replace("([^0-9/])", "", $_POST['date']);

This allows only digits (0-9) and fwd slash (/).

Related questions

Sanitizing strings to make them URL and filename safe?

I am trying to come up with a function that does a good job of sanitizing certain strings so that they are safe to use in the URL (like a post slug) and also safe to use as file names. …

Read More
What are the best PHP input sanitizing functions?

I am trying to come up with a function that I can pass all my strings through to sanitize. So that the string that comes out of it will be safe for database insertion. But there are so many filtering …

Read More
string sanitizer for filename

I'm looking for a php function that will sanitize a string and make it ready to use for a filename. Anyone know of a handy one? ( I could write one, but I'm worried that I'll overlook a character! ) Edit: for …

Read More