What are the methods for sanitizing user inputs with PHP?

PHPProgrammingServer Side Programming

Sanitizing of inputs is an interesting concept in PHP. Sanitizing means escaping the unauthorized characters in the input. Let's learn some best practices to process the inputs in a safe and secure way.

Use of real_escape_string() funnction in mysqli statements.


   $conn= new mysqli("localhost", "root","","testdb");
   $street = $conn->real_escape_string($_POST['street']);

we can use htmlentities() and html_entity_decode() while insert data in database and displaying in Browser.


   $data['message'] = htmlentities($message);//at the time of insert in database
   echo html_entity_decode($data['message']); //at the time of display in browser

Sanitize user-input when in Command Prompt by using escapeshellarg.

Example −

<?php system('ls '.escapeshellarg($data['dir']));?>
Published on 27-Jun-2019 18:44:59