PHP Security: Sanitize Your Data Before Sending It to a MySQL Database

October 20th, 2011 by Regaz

PHP 5 How-to Sanitize Data before Insertion




Here I describe a General Sanitizing Filter for Data Sent to MySQL.

The Data to Insert into MySQL are contained in the $data Variable.

  1. Check if magic_quotes is On and if Yes Strip Slashes
    if (get_magic_quotes_gpc()) $data = stripslashes($data);
  2. Trim and Escape your Data
    • With a mysql_connect Connection
      $data = mysql_real_escape_string(trim($data));
    • With a mysqli_connect Connection
      $data = mysqli_real_escape_string($yourDBConnection, trim($data));
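
The two steps above combined into one function for a mysqli connection, as an added example that is not the original post's code; the connection details, the `comments` table and its `body` column are hypothetical. It also sets the connection character set, which `mysqli_real_escape_string` relies on, and shows a prepared statement as an alternative that needs no escaping step.

```php
<?php
// Added example, not the original post's code. The connection details, the
// `comments` table and its `body` column are hypothetical placeholders.

// Step 1: undo magic_quotes_gpc, only where the function exists and it is on
// (get_magic_quotes_gpc() was removed in PHP 8, so the call is guarded).
function undo_magic_quotes($data)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($data);
    }
    return $data;
}

// Steps 1 and 2 together: strip slashes, trim, escape for this connection.
function sanitize_for_mysql(mysqli $link, $data)
{
    return mysqli_real_escape_string($link, trim(undo_magic_quotes($data)));
}

$link = mysqli_connect('localhost', 'app_user', 'app_password', 'app_db');
if (!$link) {
    die('Connect failed: ' . mysqli_connect_error());
}
// The escaping rules depend on the connection character set; set it via the API.
mysqli_set_charset($link, 'utf8mb4');

$data = isset($_POST['body']) ? $_POST['body'] : '';

// The escaped value is only safe inside a quoted string literal.
$safe = sanitize_for_mysql($link, $data);
$sql = "INSERT INTO comments (body) VALUES ('" . $safe . "')";
if (!mysqli_query($link, $sql)) {
    error_log('Insert failed: ' . mysqli_error($link));
}

// Alternative: a prepared statement sends the value apart from the SQL text,
// so only step 1 and trim() are applied and no escaping is needed.
$clean = trim(undo_magic_quotes($data));
$stmt = mysqli_prepare($link, 'INSERT INTO comments (body) VALUES (?)');
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 's', $clean);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}
mysqli_close($link);
```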
