Filter Component

Filtering and Sanitizing

Sanitizing user input is a critical part of software development. Trusting or neglecting to sanitize user input could lead to unauthorized access to the content of your application, mainly user data, or even the server your application is hosted on.

Full image on XKCD

Sanitizing content can be achieved using the Phalcon\Filter\FilterLocator and Phalcon\Filter\FilterLocatorFactory classes.


This component creates a new locator with predefined filters attached to it. Each filter is lazy loaded for maximum performance. To instantiate the factory and retrieve the Phalcon\Filter\FilterLocator with the preset sanitizers you need to call newInstance()


use Phalcon\Filter\FilterLocatorFactory;

$factory = new FilterLocatorFactory();
$locator = $factory->newInstance();

You can now use the locator wherever you need and sanitize content as per the needs of your application.


The filter locator can also be used as a stand alone component, without initializing the built-in filters.


use MyApp\Sanitizers\HelloSanitizer;
use Phalcon\Filter\FilterLocator;

$services = [
    'hello' => HelloSanitizer::class,
$locator = new FilterLocator($services);
$text    = $locator->hello('World');

The Phalcon\Di container already has a Phalcon\Filter\FilterLocator object loaded with the predefined sanitizers. The component can be accessed using the filter name. {: .alert .alert-info }