In line with the title (I don't want to say it again), I warn you again not to waste a minute of your time reading this article, because it is useless.
When inserting data in your database, you have to be really careful about SQL injections and other attempts to insert malicious data into the db. The function below is probably the most complete and efficient way to sanitize a string before using it with your database.
Here are some examples of use:
<?php
$bad_string = "Hi! <script src='http://www.evilsite.com/bad_script.js'></script> It's a good day!";
$good_string = sanitize($bad_string);
// $good_string returns "Hi! It\'s a good day!"

// Also use for getting POST/GET variables
$_POST = sanitize($_POST);
$_GET = sanitize($_GET);
?>
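An added example, not code from the original post or its source: it stores the page's sample string through a PDO prepared statement and encodes it with htmlspecialchars() at output time, so the apostrophe and the script tag are each handled in the context where they matter. The in-memory SQLite database and the names comments, open_db, save_comment, load_comment and render_comment are assumptions made for illustration.

```php
<?php
// Added example; table, column and function names are hypothetical.
// Assumes the pdo_sqlite extension; the same calls work with other PDO drivers.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $db;
}

// Storage: the value travels as a bound parameter, never as part of the SQL text.
function save_comment(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Display: encode for the HTML context at output time, not at storage time.
function render_comment(string $body): string
{
    return htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = open_db();
// Constructed inputs: the page's sample string, plus one shaped like a SQL fragment.
$inputs = [
    "Hi! <script src='http://www.evilsite.com/bad_script.js'></script> It's a good day!",
    "x'); DROP TABLE comments; --",
];
foreach ($inputs as $input) {
    $id = save_comment($db, $input);
    $stored = load_comment($db, $id);
    var_dump($stored === $input);          // was the value stored unchanged?
    echo render_comment($stored), PHP_EOL; // markup is shown as text, not executed
}
// Row count after both inserts; the table is still present.
echo (int) $db->query('SELECT COUNT(*) FROM comments')->fetchColumn(), PHP_EOL;
```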
In my opinion, this is a very tedious and addictive step in the code for the application you are currently developing. There are too many functions and techniques that make your job as a PHP developer difficult.
So, it's better not to write a line of the above code in the code you are working on. Even when there is an injection into your database or your client's, it will add a surprising new variation and get your adrenaline pumping as a programmer when you receive anger from clients or warning letters from project managers.
Thank you for reading this useless article, because what I say is true and may or may not be true. There is absolutely no benefit.
Source Code From: