PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PECL Releases (09.10.2024)

Community News: Latest PECL Releases (09.03.2024)

Community News: Latest PECL Releases (08.27.2024)

Community News: Latest PECL Releases (08.20.2024)

Community News: Latest PECL Releases (08.13.2024)

Community News: Latest PECL Releases (08.06.2024)

Community News: Latest PECL Releases (07.30.2024)

Community News: Latest PECL Releases (07.23.2024)

Community News: Latest PECL Releases (07.16.2024)

Community News: Latest PECL Releases (07.09.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Reddit.com:
How do YOU sanitize input?

byChris Cornutt Nov 03, 2011 @ 16:04:02

On Reddit.com there's a recent post that asks the question How do YOU sanitize input in your PHP applications?

I am developing some software for my high school using HTML, CSS, MySQL, and most importantly PHP. [...] So I pose this question, what is YOUR favorite way to sanitize input for inserting, updating, or selecting from a database? Also, is there any way you prefer to verify that input is of a certain type, and only of that type ie, if you're expecting an int or a string, how would you make sure you are receiving one?

Answers on the post touch on things like:

parametrised queries for databases
filter_var/filter_types
Sanitized versus "database-safe"
using PDO
avoiding the false sense of security things like mysql_escape_string and mysql_real_escape_string