Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
What are the methods for sanitizing user inputs with PHP?
Sanitizing of inputs is an interesting concept in PHP. Sanitizing means escaping the unauthorized characters in the input. Let's learn some best practices to process the inputs in a safe and secure way.
Use of real_escape_string() funnction in mysqli statements.
Example
<?php
$conn= new mysqli("localhost", "root","","testdb");
$street = $conn->real_escape_string($_POST['street']);
?>we can use htmlentities() and html_entity_decode() while insert data in database and displaying in Browser.
Example
<?php $data['message'] = htmlentities($message);//at the time of insert in database echo html_entity_decode($data['message']); //at the time of display in browser ?>
Sanitize user-input when in Command Prompt by using escapeshellarg.
Example −
<?php system('ls '.escapeshellarg($data['dir']));?>
Updated on: 29-Jun-2020
270 Views
Advertisements