Input validation vs sanitization in PHP - Performance Comparison

We want to understand how the time it takes to check and clean user input grows as the input size grows.

How does the cost of validating and sanitizing input change when the input gets longer?

Analyze the time complexity of the following code snippet.

function validateInput(array $inputs): bool {
    foreach ($inputs as $input) {
        if (!preg_match('/^[a-zA-Z0-9]+$/', $input)) {
            return false;
        }
    }
    return true;
}

function sanitizeInput(array $inputs): array {
    $cleaned = [];
    foreach ($inputs as $input) {
        $cleaned[] = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    }
    return $cleaned;
}
    

This code checks if each input only has letters and numbers, then cleans each input to make it safe for display.

• Primary operation: Looping through each input item once in both validation and sanitization.
• How many times: Once per input element, so the number of times equals the number of inputs.

As the number of inputs grows, the time to check and clean them grows in a straight line.

Input Size (n)	Approx. Operations
10	About 10 checks and 10 cleans
100	About 100 checks and 100 cleans
1000	About 1000 checks and 1000 cleans

Pattern observation: The work grows evenly with the number of inputs; doubling inputs doubles work.

Time Complexity: O(n)

This means the time to validate and sanitize grows directly with the number of inputs.

[X] Wrong: "Validation and sanitization take constant time no matter how many inputs there are."

[OK] Correct: Each input must be checked and cleaned, so more inputs mean more work.

Understanding how input handling scales helps you write secure and efficient code, a skill valued in many coding tasks.

"What if we validated inputs using nested loops to compare each input with every other input? How would the time complexity change?"