Tuesday, 14 April 2015

What is Best method for sanitizing user input with PHP?

What is Best method for sanitizing user input with PHP

Sanitize user-input when using in Mysql Query.
You can use real_escape_string of mysqli.
For Example:
$mysqliObj = new mysqli("localhost", "root", "", "mydb");
$city = $mysqliObj->real_escape_string($_POST['city']);
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", $mysqli->affected_rows);
}



Sanitize user-input  while insert in database and displaying in Browser.
You can use htmlentities and html_entity_decode.
For Example:
echo htmlentities($data['description']);//at the time of insert in database 
echo html_entity_decode($data['description']); //at the time of display in browser from database



Sanitize user-input when using in Command Prompt.
You can use escapeshellarg.
For Example:
system('ls '.escapeshellarg($data['dir']));





Best Related Posts are Following:

  1. What is Best method for sanitizing user input with PHP?
  2. Difference between Notice and warning and fatal error
  3. How can I prevent SQL-injection in PHP [SOLVED]
  4. PHP Register Globals
  5. PHP Sessions and Cookie and Security
  6. Free Boost Web Application By 20% in Simple Steps
  7. PHP Check Mime Type of File - Return Information About A File
  8. Crontab Interview Questions and Answers
  9. Improve Ajax Performance
  10. PHP Captcha Code Example Code Snippets
  11. PHP - Secure Ajax Call from Hackers - Example
  12. htaccess code snippets example
  13. Manage Cron Job with PHP - SSH2 Connection
  14. Shared Server Security Risk open_basedir disable_functions disable_classes
  15. Spoofed Forms - Stop Spoofed Form Submissions
  16. Session Fixation
  17. Session Hijacking
  18. openssl private encrypt
  19. Cross Site Request Forgery
  20. SQL Injection Attack - PHP & MySQL
  21. Cross-Site Scripting
  22. PHP INI settings
Labels: