What are the best PHP input sanitizing functions?

Backend · Open · 13 · 1474
抹茶落季 2020-11-21 23:31

I am trying to come up with a function that I can pass all my strings through to sanitize. So that the string that comes out of it will be safe for database insertion. But t

13 answers
  •  广开言路
    2020-11-22 00:06

    You use mysql_real_escape_string() in code similar to the following one.

    // Escaping must happen on an open mysql connection, because the function
    // uses that connection's character set to decide what to escape.
    $query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
      mysql_real_escape_string($user),
      mysql_real_escape_string($password)
    );
    

    As the documentation says, its purpose is escaping special characters in the string passed as argument, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). The documentation also adds:

    If binary data is to be inserted, this function must be used.

    htmlentities() is used to convert some characters into entities, when you output a string in HTML content.
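The answer separates two concerns: making a value safe for the SQL statement and making it safe for HTML output. The following is an added example, not code from the original post, that keeps those two contexts apart with the maintained PHP APIs: a PDO prepared statement (a swapped-in technique; the answer itself escapes into the query text with the old mysql extension) and htmlspecialchars() for the HTML side. It assumes PHP 7.4 or later with the pdo_sqlite extension, and uses an in-memory SQLite database as a stand-in for MySQL; the table, row and names are constructed for the demo.

```php
<?php
// Added example, not part of the original answer. Assumes PHP >= 7.4 with
// pdo_sqlite; an in-memory SQLite database stands in for MySQL.
declare(strict_types=1);

// SQL context: bind values instead of escaping them into the statement text.
// Bound parameters never become part of the SQL, so quotes, comment markers
// or NUL bytes in $user are handled as data. The plain-text password column
// only mirrors the shape of the answer's query; real code would store a hash
// and compare with password_verify().
function findUser(PDO $db, string $user, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT id, user FROM users WHERE user = :user AND password = :password'
    );
    $stmt->execute([':user' => $user, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HTML context: escape at output time, for the context the value lands in.
// ENT_QUOTES covers both quote styles so the result is also safe inside a
// quoted attribute; ENT_SUBSTITUTE avoids returning an empty string on
// invalid UTF-8 instead of silently dropping the whole value.
function renderName(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// If you must build SQL text on the mysqli extension, the maintained
// counterpart of the answer's function is mysqli_real_escape_string(), which
// likewise needs the live connection for its character set. Prepared
// statements remove the need to do that by hand.

// --- constructed demo data, not from the original post ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, password TEXT)');
$db->prepare('INSERT INTO users (user, password) VALUES (?, ?)')
   ->execute(["o'brien", 'secret']);

// The apostrophe in the name reaches the query as data, not as SQL syntax,
// so the lookup succeeds without any manual escaping.
var_dump(findUser($db, "o'brien", 'secret'));
var_dump(findUser($db, "o'brien", 'wrong'));

// Same value rendered for an HTML page: tags and quotes become entities.
echo renderName("<b>o'brien</b>"), PHP_EOL;
```

The design point is that "sanitizing" is context-specific: a single function that rewrites every incoming string cannot know whether the value will end up in SQL, HTML, a shell command or a log line. Store the raw value, bind it when it goes to the database, and escape it for the exact output context when it is rendered.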
