PHP SQL Sanitize

PHP SQL Sanitize is a kind of filter which is used to allow or disallow characters in a string.

This example illustrates how to implement the sanitized filter in php application.

Filter knows two kinds of filter:

sanitizing filters
logical filters

The sanitizing filters:

Allow or disallow characters in a strings
Does not care about the data format
It always returns a string

Understand with Example

The Tutorial illustrate an example from 'PHP SQL Sanitize'. To understand the example we create a sanitize.php embeds a html page, which allows the user to enter the name in the text field. When accepting data from a user, any data at all should be sanitized before making its way. To sanitize the data we make use of php code begins with <?php and end with ?>. For name field, there is no type to validate against, it can be filtered to remove HTML tags. The conditional if ($ name) evaluate to true if the $_POST['name'] variable was set and passed the filter. This will print the filtered version and the original version..

Source Code of sanitize.php


<html>

  <head><title>Sanitization</title></head>

  <body>

  <form action="<?=$PHP_SELF?>" method="post" >

  Enter your name: <input name="name">

  <input type="submit" name="submit" value="Go">

  </form>

  </body>

</html>



<?php

  $name="";

  if (!filter_has_var(INPUT_POST, 'submit')) {

  echo "form";

  }

  $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);



  if (is_null($name)) {

  echo "The 'name' field is required.<br />";

  } else {

  echo "Hello $name.<br/>";

  }

?>

Download Source Code

Output:

PHP SQL Sanitize

PHP SQL Sanitize

PHP SQL Sanitize

Tutorials