Sanitizing or cleaning data before it goes into a database is key to good security. One of the best ways of doing this is using pre_____ statements. code example

Example: PHP clean user input

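<?php
    function cleanUserInput($userinput) {

        // Open your database connection.
        // databaseConnect() is defined elsewhere and must return a mysqli connection.
        $dbConnection = databaseConnect();

        // Nothing to clean: return early (note that empty() also treats "0" as empty)
        if (empty($userinput)) {
            return;
        }

        // Encode HTML special characters (<, >, &, quotes) as entities;
        // this does not remove them from the string
        $userinput = htmlspecialchars($userinput);

        // Escape characters that are special inside a quoted SQL string,
        // using the connection's character set
        $userinput = mysqli_real_escape_string($dbConnection, $userinput);

        // Return the cleaned string
        return $userinput;
    }
?>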
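The statement-based approach named in the first sentence, as an added example that is not part of the original snippet: values are bound to placeholders instead of being escaped into the SQL text, and HTML encoding is applied only when the value is printed. It assumes PDO with an in-memory SQLite database so that it runs without a server; the table, column and function names and the sample values are constructed for illustration.

```php
<?php
// Added example: table, columns, function names and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

function saveComment(PDO $pdo, string $author, string $body): int
{
    // The SQL text is fixed; the values are sent separately and are
    // never parsed as SQL, so no manual escaping is needed.
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function findByAuthor(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary, one containing quotes, SQL
// punctuation and HTML markup.
saveComment($pdo, 'alice', 'Nice post');
saveComment($pdo, "o'brien", "it's \"quoted\"; -- <b>bold</b>");

// Both rows are stored; the second body is kept exactly as submitted.
$count = (int) $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn();
echo "rows stored: $count\n";

foreach (findByAuthor($pdo, "o'brien") as $row) {
    // Encode for HTML at output time, not before storage, so the
    // database holds the original text.
    echo htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

With mysqli the same pattern uses `$mysqli->prepare()` with `?` placeholders and `bind_param()`.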
