PHP SQL Sanitize

PHP SQL Sanitize is a kind of filter which is used to allow or disallow characters in a string.

PHP SQL Sanitize

PHP SQL Sanitize

     

PHP SQL Sanitize is a kind of filter which is used to allow or disallow characters in a string.

This example illustrates how to implement the sanitized filter in php application.

Filter knows two kinds of filter:

  • sanitizing filters
  • logical filters

The sanitizing filters: 

  • Allow or disallow characters in a strings
  • Does not care about the data format
  • It always returns a string

Understand with Example

The Tutorial illustrate an example from 'PHP SQL Sanitize'. To understand the example we create a sanitize.php embeds a html page, which allows the user to enter the name in the text field. When accepting data from a user, any data at all should be sanitized before making its way. To sanitize the data we make use of php code begins with <?php and end with ?>.  For name field, there is no type to validate against, it can be filtered to remove HTML tags. The conditional if ($ name) evaluate to true if the $_POST['name'] variable was set and passed the filter. This will print the filtered version and the original version..

Source Code of sanitize.php 

<html>
  <head><title>Sanitization</title></head>
  <body>
  <form action="<?=$PHP_SELF?>" method="post" >
  Enter your name: <input name="name">
  <input type="submit" name="submit" value="Go">
  </form>
  </body>
</html>

<?php
  $name="";
  if (!filter_has_var(INPUT_POST, 'submit')) {
  echo "form";
  }
  $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);

  if (is_null($name)) {
  echo "The 'name' field is required.<br />";
  else {
  echo "Hello $name.<br/>";
  }
?>

Download Source Code

Output: