# Sanitization

Sanitization in my ORM provides protection against SQL injection and other potential vulnerabilities by cleaning input data before it is used in queries. To enable sanitization, you need to create an instance of `DatabaseManager` with the `sanitizer: true` parameter:

```typescript
export const databaseManager = new DatabaseManager<DatabasesTypes.POSTGRES>({
    sanitizer: true,
});
```

The sanitizer is implemented through the `Sanitizer` class, which processes input data based on its type (string, number, or identifier). It uses various methods for data cleaning, including:

* **Number Sanitization**: Converts input data into numbers and checks their validity.
* **Identifier Sanitization**: Checks length, format, and the presence of reserved SQL words.
* **Automatic Sanitization**: Handles different data types such as HTML, XML, JSON, URLs, file paths, shell commands, and others.

**Examples of Data Before and After Sanitization:**

Data Before Sanitization:

```typescript
const htmlInput = "<script>alert('XSS');</script>";
const sqlInput = "SELECT * FROM users WHERE name = 'admin'; DROP TABLE users;";
const pathInput = "../../etc/passwd";
```

Data After Sanitization:

```typescript
const sanitizedHtml = Sanitizer.sanitize(htmlInput); // &lt;script&gt;alert(&#039;XSS&#039;);&lt;/script&gt;
const sanitizedSql = Sanitizer.sanitize(sqlInput); // SELECT * FROM users WHERE name = 'admin';
const sanitizedPath = Sanitizer.sanitize(pathInput); // etc/passwd
```
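As an added illustration (not the ORM's own `Sanitizer` class), the three rule sets listed above reconstructed in TypeScript so the before/after examples can be reproduced; the 63-character identifier limit, the reserved-word list and the function names are assumptions.

```typescript
// Added illustration of the rule sets described above; this is NOT the
// ORM's Sanitizer class. Limits, reserved-word list and names are assumptions.
const RESERVED_SQL = new Set(["SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "TABLE", "FROM", "WHERE", "UNION"]);
const HTML_ESCAPES: Record<string, string> = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#039;" };

// Identifier sanitization: length, format, reserved words (63 chars assumed, Postgres' default).
export function sanitizeIdentifier(id: string, maxLen = 63): string {
  if (id.length === 0 || id.length > maxLen) throw new Error(`identifier length out of range: ${id.length}`);
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(id)) throw new Error(`invalid identifier format: ${id}`);
  if (RESERVED_SQL.has(id.toUpperCase())) throw new Error(`reserved SQL word: ${id}`);
  return id;
}

// Number sanitization: coerce, then reject empty input, NaN, Infinity and trailing garbage.
export function sanitizeNumber(input: unknown): number {
  const text = String(input).trim();
  const n = typeof input === "number" ? input : Number(text);
  if (text === "" || !Number.isFinite(n)) throw new Error(`not a valid number: ${text}`);
  return n;
}

// HTML: entity-encode the characters that can open a tag or break out of an attribute.
export function escapeHtml(s: string): string {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// SQL: keep only the first statement, cutting at the first semicolon that is
// not inside a single-quoted literal ('' escapes inside the literal are honoured).
export function firstStatement(sql: string): string {
  let inQuote = false;
  for (let i = 0; i < sql.length; i++) {
    const c = sql[i];
    if (c === "'") {
      if (inQuote && sql[i + 1] === "'") { i++; continue; }
      inQuote = !inQuote;
    } else if (c === ";" && !inQuote) {
      return sql.slice(0, i + 1).trim();
    }
  }
  return sql.trim();
}

// File path: drop "." and ".." segments and leading separators so the result
// stays relative (e.g. "../../etc/passwd" becomes "etc/passwd").
export function sanitizePath(p: string): string {
  return p.replace(/\\/g, "/").split("/")
    .filter((seg) => seg !== "" && seg !== "." && seg !== "..")
    .join("/");
}
```

Note that `firstStatement` only removes stacked statements; anything that stays inside the first statement is passed through unchanged, so it complements parameterized queries rather than replacing them.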

Sanitization in my ORM helps keep queries safe by stripping unwanted characters and potential threats from incoming data. It includes protection against SQL injection, XSS and other classes of vulnerability. This functionality is currently under development, so some bugs or flaws may still be discovered.
