Whenever you process data from the outside, always process it in this order:
Sanitize
Validate
Execute
Display feedback
Example:
```php
<?php
$errors = array();

// 1. Sanitisation
$email = filter_var($_POST['email'] ?? '', FILTER_SANITIZE_EMAIL);

// 2. Validation
if (false === filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $errors['email'] = "Invalid email address";
}

// 3. Execution
if (count($errors) > 0) {
    echo 'There are errors : ';
    print_r($errors);
    exit;
}

// At this point, all is fine, let's open the gate...
$bdd = new PDO('mysql:host=localhost;dbname=test', 'root', '');
// ...

// 4. Feedback information
```
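As an added example (not part of the original post), the same four-step order applied to a form with several fields, where the execute step uses a prepared statement so validated values are passed as parameters rather than as SQL text. The `users` table, its columns, the age limits and the in-memory SQLite DSN are assumptions chosen so the script runs stand-alone.

```php
<?php
// Added example: sanitize -> validate -> execute -> feedback for a small
// registration form. Table, columns and DSN are assumptions for illustration.

function processRegistration(array $input, PDO $pdo): array
{
    $errors = [];

    // 1. Sanitisation: strip characters that can never be part of a valid value.
    $email = filter_var($input['email'] ?? '', FILTER_SANITIZE_EMAIL);
    $age   = filter_var($input['age'] ?? '', FILTER_SANITIZE_NUMBER_INT);
    $name  = trim((string)($input['name'] ?? ''));

    // 2. Validation: reject anything that is not exactly what the application expects.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid email address';
    }
    $ageOptions = ['options' => ['min_range' => 13, 'max_range' => 120]]; // assumed limits
    if (filter_var($age, FILTER_VALIDATE_INT, $ageOptions) === false) {
        $errors['age'] = 'Age must be a whole number between 13 and 120';
    }
    if ($name === '' || strlen($name) > 64) { // byte length, assumed column width
        $errors['name'] = 'Name is required and may not exceed 64 bytes';
    }
    if ($errors !== []) {
        return ['ok' => false, 'errors' => $errors];
    }

    // 3. Execution: only now touch the database, and only through a prepared
    // statement so the values travel as bound parameters, never as SQL text.
    $stmt = $pdo->prepare('INSERT INTO users (email, age, name) VALUES (:email, :age, :name)');
    $stmt->execute([':email' => $email, ':age' => (int)$age, ':name' => $name]);

    // 4. Feedback: report what happened without echoing raw input back to the client.
    return ['ok' => true, 'id' => (int)$pdo->lastInsertId()];
}

// Usage with an in-memory SQLite database (assumption) so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, age INTEGER, name TEXT)');

// Constructed inputs: one clean submission, one that fails all three checks.
foreach ([
    ['email' => 'bob@example.com', 'age' => '42', 'name' => 'Bob'],
    ['email' => 'not an email',    'age' => '7',  'name' => ''],
] as $submission) {
    $result = processRegistration($submission, $pdo);
    echo $result['ok'] ? "Saved as user #{$result['id']}\n"
                       : 'Errors: ' . json_encode($result['errors']) . "\n";
}
```

The second submission returns three error entries (email, age, name) and never reaches the prepared statement, which is the point of keeping the execute step after validation.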