how to sanitize php input code example
Example 1: php filters
#Filter Validation
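<?php
// Demonstrates PHP's filter extension on POSTed form fields.
//
// Two points this example relies on:
//  - Validation (FILTER_VALIDATE_*) answers "is this value acceptable?".
//    Sanitization (FILTER_SANITIZE_*) silently rewrites the value. Neither one
//    makes a value safe to print into HTML; that is an output-encoding concern.
//  - Every request-derived value is therefore passed through htmlspecialchars()
//    at the point where it is echoed.

if (filter_has_var(INPUT_POST, 'data')) {
    // Strips characters that are not allowed in an e-mail address. The result
    // is a different string from what the client sent, and may be false when
    // the field arrived as an array.
    $email = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_EMAIL);
    echo htmlspecialchars((string) $email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';

    // Check 1: validate the raw submitted value. This is the stricter check,
    // because nothing has been removed from the input beforehand.
    if (filter_input(INPUT_POST, 'data', FILTER_VALIDATE_EMAIL) !== false) {
        echo 'Email is Valid';
    } else {
        echo 'Email is not Valid';
    }

    // Check 2: validate the sanitized copy. Sanitizing first can turn a
    // malformed submission into a well-formed address the user never typed,
    // so prefer check 1 when the goal is to reject bad input.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        echo 'Email is Valid';
    } else {
        echo 'Email is not Valid';
    }
}

$var = 'john';
// FILTER_VALIDATE_INT returns the integer on success and false on failure.
// Compare against false explicitly: the valid value 0 is falsy and would
// otherwise be reported as "not a number".
if (filter_var($var, FILTER_VALIDATE_INT) !== false) {
    echo '<br>' . htmlspecialchars($var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' is a number<br>';
} else {
    echo '<br>' . htmlspecialchars($var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' is not a number' . '<br>';
}

$var2 = '33k2dsdffgsdf3563sdf';
// FILTER_SANITIZE_NUMBER_INT keeps only digits and the + and - signs. The
// result is still a string and has not been validated as an integer.
var_dump(filter_var($var2, FILTER_SANITIZE_NUMBER_INT));

// Per-field rules: "data" must be a valid e-mail address, "data2" must be an
// integer between 1 and 100. Fields that fail come back as false.
$filters = [
    'data' => FILTER_VALIDATE_EMAIL,
    'data2' => [
        'filter' => FILTER_VALIDATE_INT,
        'options' => [
            'min_range' => 1,
            'max_range' => 100,
        ],
    ],
];

// A syntactically valid e-mail address can still contain HTML metacharacters,
// so the dump is encoded before it is written to the page.
$validated = filter_input_array(INPUT_POST, $filters);
echo htmlspecialchars(print_r($validated, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<!-- PHP_SELF reflects the request path, including any trailing path info, so it
     is request-controlled and must be encoded for the attribute context. -->
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
<input type="text" name="data">
<input type="text" name="data2">
<button type="submit">Submit</button>
</form>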
Example 2: php clean user input
<?php
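/**
 * HTML-encodes a value and then escapes it with the MySQL connection's
 * string-escaping routine.
 *
 * NOTE(review): this combines two unrelated encodings in one step. HTML
 * encoding belongs at the point where a value is written into a page, and
 * SQL escaping belongs at the point where a query is built. Storing
 * HTML-encoded text in the database leads to double encoding later, and
 * mysqli_real_escape_string() only protects values placed inside a quoted
 * string literal, on a connection whose character set was set with
 * mysqli_set_charset(). For new code, prefer prepared statements with bound
 * parameters and call htmlspecialchars() when rendering.
 *
 * @param mixed $userinput Raw value, typically taken from the request.
 *
 * @return string|null The encoded and escaped string, or null when there is
 *                     no usable input (null, '', false, or an array).
 */
function cleanUserInput($userinput) {
    // Do not use empty() here: it also rejects the legitimate values '0' and 0.
    // Request parameters can arrive as arrays (name[]=...); those are treated
    // as "no usable input" rather than being passed to htmlspecialchars().
    if ($userinput === null || $userinput === '' || $userinput === false || is_array($userinput)) {
        return null;
    }

    // Open the connection only once there is something to escape.
    $dbConnection = databaseConnect();

    // Explicit flags keep single-quote handling identical across PHP versions
    // (before PHP 8.1 the default left single quotes unencoded).
    $htmlEncoded = htmlspecialchars((string) $userinput, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return mysqli_real_escape_string($dbConnection, $htmlEncoded);
}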
?>
Example 3: sanitize user input php
<?php
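/**
 * HTML-encodes a string and then backslash-escapes the result.
 *
 * NOTE(review): there is no single "sanitize" step that is correct for every
 * destination. The htmlspecialchars() call makes the value suitable for HTML
 * text and quoted attribute values only. addslashes() is not a substitute for
 * SQL escaping: it is unaware of the database connection's character set, so
 * queries should use prepared statements with bound parameters instead. Once
 * quotes have been HTML-encoded, addslashes() only affects backslashes and
 * NUL bytes.
 *
 * @param string|null $string Raw value; null is treated as an empty string.
 *
 * @return string The HTML-encoded, backslash-escaped string.
 */
function sanitize($string) {
    // Explicit flags and charset: before PHP 8.1 the default flags left single
    // quotes unencoded, which is unsafe inside single-quoted HTML attributes.
    $htmlEncoded = htmlspecialchars($string ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return addslashes($htmlEncoded);
}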
?>