- Data Structure
- Networking
- RDBMS
- Operating System
- Java
- MS Excel
- iOS
- HTML
- CSS
- Android
- Python
- C Programming
- C++
- C#
- MongoDB
- MySQL
- Javascript
- PHP
- Physics
- Chemistry
- Biology
- Mathematics
- English
- Economics
- Psychology
- Social Studies
- Fashion Studies
- Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
What are the methods for sanitizing user inputs with PHP?
Sanitizing of inputs is an interesting concept in PHP. Sanitizing means escaping the unauthorized characters in the input. Let's learn some best practices to process the inputs in a safe and secure way.
Use of real_escape_string() funnction in mysqli statements.
Example
<?php $conn= new mysqli("localhost", "root","","testdb"); $street = $conn->real_escape_string($_POST['street']); ?>
we can use htmlentities() and html_entity_decode() while insert data in database and displaying in Browser.
Example
<?php $data['message'] = htmlentities($message);//at the time of insert in database echo html_entity_decode($data['message']); //at the time of display in browser ?>
Sanitize user-input when in Command Prompt by using escapeshellarg.
Example −
<?php system('ls '.escapeshellarg($data['dir']));?>
Advertisements