How to Sanitize Input in PHP

November 15, 2018 by Mohammed Samgan Khan

Although the development has taken a great deal of up-gradation in the last few years with DevOps, frameworks, automation etc. etc. etc. but still there are a number of people who still prefer the old way. Moreover, if you are starting new of just creating a college project or something like that it’s still cool to use the core PHP.

The inputs in Core PHP are venerable to what you call “SQL Injection”, to before putting them to use it’s a mandatory practice to sanitize them. Below is the function you can use for the same. It’s simple, straight forward and easy to use.

Benefits:

• It reduces the threat of SQL injection by removing the SQL (if there is any)
• It also removes the HTML tags from the data passed as some bad guys pass <scripts> too for some undesirable works.

Uses:

Using the function is simple all you have to do is make sure that it needs mysql_connection links to function. Please make sure you provide it. Remaining is nothing to worry about.

Function:

/**
 * protecting  the input form the SQL injection and script injection.
 * @param $data
 * @return mixed
 */
public function sanitizer ($data)
{
    if (!empty($data)) {
        foreach ($data as $key => $dataValue) {
            if (empty($dataValue)) {
                continue;
            }
            $dataValue = strip_tags($dataValue);
            $data[$key] = mysql_real_escape_string($dataValue, $this->link);
        }
    }

    return $data;
}

Function Call:

$object = new Class();
$sanitizedGetArray = $object->sanitizer($_GET);
$sanitizedPostArray = $object->sanitizer($_POST);

If you have some other things to add to this function feel free to comment, I am still learning too you know.