How to Secure Inputs in PHP
In this article, we’re going to learn how to sanitize inputs in PHP, which reduces the risk of cross-site scripting and SQL injection from user-supplied data. Let’s have a look.
Create Methods
We’re going to create two functions. The first one is clean. It’ll be used for stripping out the HTML, script and style tags an attacker might embed in a value.
function clean($input) {
    // Order matters: the <script> and <style> patterns must run before the
    // generic tag pattern, otherwise the generic one removes their opening and
    // closing tags first and the script/style body is left behind.
    // The U (ungreedy) modifier is deliberately not used: it would flip the
    // lazy .*? into a greedy match and swallow everything between the first
    // opening tag and the last closing tag.
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Javascript tag and its contents
        '@<style[^>]*?>.*?</style>@si',   // Style tag and its contents
        '@<![\s\S]*?--[ \t\n\r]*>@',      // Multi-line HTML comments
        '@<[\/\!]*?[^<>]*?>@si'           // Any remaining HTML tags
    );
    $output = preg_replace($search, '', $input);
    return $output;
}
We need to create another function named sanitize. Sanitizing usually refers to input, so you are stripping away parts of the input that could be problematic for your program (or escaping them to avoid SQL injection).
function sanitize($input) {
    if (is_array($input)) {
        $output = array(); // initialise so an empty array returns an array, not null
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    } else {
        // get_magic_quotes_gpc() was removed in PHP 8.0 (magic quotes themselves
        // went in 5.4); guard the call so the function still runs on current PHP.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = clean($input); // the helper defined above
        // mysql_real_escape_string() belongs to ext/mysql, removed in PHP 7.0;
        // mysqli_real_escape_string($link, ...) is its replacement, and prepared
        // statements are preferable to escaping for building SQL.
        $output = mysql_real_escape_string($input);
    }
    return $output;
}
Usage
Let’s see an example:
$string = "Hello <script>alert('hacked');</script> world!";
$sanitized = sanitize($string);
echo $sanitized; // Hello world!
Because sanitize walks arrays recursively, we can sanitize the POST, GET and REQUEST superglobals in one call each:
$post_data = sanitize($_POST);
$get_data = sanitize($_GET);
$request_data = sanitize($_REQUEST);
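As an added example (not code from the original article), here is how the same two steps look on current PHP when input cleaning, per-field validation, output escaping and SQL escaping are kept separate. It reuses the article’s tag patterns, adds filter_var() validation for typed fields, escapes with htmlspecialchars() only where the value meets the browser, and replaces mysql_real_escape_string() with a PDO prepared statement. The request array, table and field names are constructed for the example; it runs on PHP 8 with the bundled pdo_sqlite driver and needs no database server.

```php
<?php
declare(strict_types=1);

// Added example, not part of the original article. Constructed data throughout.

// Same patterns as the article's clean(), reordered so that <script> and
// <style> bodies are removed before the generic "any tag" pattern strips the
// opening and closing tags the body patterns rely on.
function cleanHtml(string $input): string
{
    $patterns = [
        '@<script[^>]*?>.*?</script>@si', // script tag and its body
        '@<style[^>]*?>.*?</style>@si',   // style tag and its body
        '@<![\s\S]*?--[ \t\n\r]*>@',      // HTML comments
        '@<[\/\!]*?[^<>]*?>@si',          // any remaining tag
    ];
    return preg_replace($patterns, '', $input) ?? '';
}

// Recursive form of the article's sanitize(): walks nested arrays such as
// $_POST and strips tags from every scalar leaf.
function sanitizeInput(mixed $input): mixed
{
    if (is_array($input)) {
        $out = []; // initialised, so an empty array stays an array
        foreach ($input as $key => $val) {
            $out[$key] = sanitizeInput($val);
        }
        return $out;
    }
    return trim(cleanHtml((string) $input));
}

// Validation is per field and per type; a tag stripper cannot tell a bad
// e-mail address or an out-of-range integer from a good one.
function validateProfile(array $fields): array
{
    $errors = [];
    $email = filter_var($fields['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email';
    }
    $age = filter_var(
        $fields['age'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]
    );
    if ($age === false) {
        $errors[] = 'age';
    }
    return ['email' => $email, 'age' => $age, 'errors' => $errors];
}

// Output escaping for the HTML context: the stored value stays as the user
// typed it, and the escaping happens where the data meets the browser.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request, standing in for $_POST.
$post = [
    'name'  => "Hello <script>alert('hacked');</script> world!",
    'email' => 'alice@example.com',
    'age'   => '29',
    'bio'   => "Likes ' OR 1=1 -- style quoting",
];

$clean   = sanitizeInput($post);
$checked = validateProfile($clean);
if ($checked['errors'] !== []) {
    exit('Invalid fields: ' . implode(', ', $checked['errors']) . "\n");
}

// SQL context: a prepared statement keeps data and query separate, so the
// bio is stored verbatim and never parsed as SQL.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE profiles (name TEXT, email TEXT, age INTEGER, bio TEXT)');
$stmt = $pdo->prepare(
    'INSERT INTO profiles (name, email, age, bio) VALUES (:name, :email, :age, :bio)'
);
$stmt->execute([
    ':name'  => $clean['name'],
    ':email' => $checked['email'],
    ':age'   => $checked['age'],
    ':bio'   => $clean['bio'],
]);

$row = $pdo->query('SELECT name, bio FROM profiles')->fetch(PDO::FETCH_ASSOC);
echo 'name stored as: ' . $row['name'] . "\n";
echo 'bio stored as:  ' . $row['bio'] . "\n";
echo '<p>' . e($row['bio']) . "</p>\n"; // quotes are entity-encoded for the HTML context
```

Run it with `php example.php`. The point of splitting the work this way is that each context gets its own defence: tag stripping alone neither validates an e-mail address nor protects a SQL statement, the prepared statement makes the escaping step unnecessary, and escaping at output time means the same stored value can be rendered safely in HTML without the database holding HTML entities.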
The tutorial is over. Thanks for reading.