In PHP, there are several functions for sanitizing input and for escaping it for a particular output context (HTML or SQL):
1) strip_tags — Strip HTML and PHP tags from a string. It removes the tag markup only; the text between tags, quotes and ampersands are left as they are, so the result is still not safe to echo into a page without htmlspecialchars.
2) htmlspecialchars — Convert special characters to HTML entities. It converts &, <, >, " and, with the ENT_QUOTES flag (the default since PHP 8.1), also the single quote. Use it on any untrusted text placed in HTML element content or in an attribute value.
3) htmlentities — Convert all applicable characters to HTML entities. htmlentities converts more characters to HTML entities than htmlspecialchars (for example accented letters), and has more options; on a UTF-8 page htmlspecialchars is enough for escaping.
4) mysqli_real_escape_string — Escape special characters in a string for use in an SQL statement. It is used for MySQL database escaping and takes the character set of the open connection into account. It does not remove characters: it prefixes quotes, backslashes, NUL, newline, carriage return and Control-Z with a backslash so the value cannot terminate the quoted SQL string it is placed in. It only helps when the value is inside quotes in the query text; prepared statements with bound parameters are the safer option because the data never becomes part of the SQL text.
   Another function: addslashes — Quote string with slashes. addslashes is less powerful than mysqli_real_escape_string: it knows nothing about the connection's character set, so it should not be used to escape SQL values.
5) filter_var — Filters a variable with a specified filter. Validation filters (FILTER_VALIDATE_INT, FILTER_VALIDATE_EMAIL, ...) return false when the input does not match, and sanitizing filters (for example FILTER_SANITIZE_NUMBER_INT) strip the characters that do not belong.
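The following PHP script is an added example, not code from the original post. It runs each of the functions listed above on constructed hostile input, and shows the escaped query beside the prepared-statement version. The mysqli connection `$db` and the table `users(id, name)` are hypothetical assumptions; that part only executes when such a connection exists.

```php
<?php
declare(strict_types=1);

// Constructed attacker-controlled input (not real data).
$input = "<script>alert(1)</script> O'Reilly \" & <b>bold</b>";

// 1) strip_tags removes the markup but keeps the text inside the tags,
//    the quotes and the ampersand, so this is NOT yet safe to echo.
$stripped = strip_tags($input);
echo $stripped, "\n";   // alert(1) O'Reilly " & bold

// 2) htmlspecialchars with ENT_QUOTES escapes both quote styles, so the
//    value is safe in element content and in a quoted attribute.
function renderAttribute(string $untrusted): string
{
    $safe = htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input name="q" value="' . $safe . '">';
}
echo renderAttribute($input), "\n";

// 3) htmlentities additionally encodes non-ASCII characters such as "é".
echo htmlentities("café & <b>", ENT_QUOTES, 'UTF-8'), "\n";   // caf&eacute; &amp; &lt;b&gt;

// 5) filter_var: validation returns false on bad input, sanitizing strips
//    characters that do not belong. Validate where you can; sanitize only
//    when you really want to keep a partial value.
var_dump(filter_var("42abc", FILTER_VALIDATE_INT));                 // bool(false)
var_dump(filter_var("alice@example.com", FILTER_VALIDATE_EMAIL));   // string "alice@example.com"
var_dump(filter_var("4a2b", FILTER_SANITIZE_NUMBER_INT));           // string "42"

// 4) SQL: escaping versus a prepared statement.
$name = "O'Reilly' OR '1'='1";   // constructed injection attempt

// addslashes only prepends backslashes and ignores the connection charset.
echo addslashes($name), "\n";    // O\'Reilly\' OR \'1\'=\'1

// Escaping: correct only because the value sits inside single quotes in
// the query text. Drop the quotes (e.g. for a numeric column) and this is
// injectable again.
function findByNameEscaped(mysqli $db, string $name): ?mysqli_result
{
    $escaped = $db->real_escape_string($name);
    $res = $db->query("SELECT id FROM users WHERE name = '$escaped'");
    return $res instanceof mysqli_result ? $res : null;
}

// Prepared statement: the value travels separately from the query text,
// so no quoting or escaping is involved and the injection attempt is just
// a string that matches no row.
function findByNamePrepared(mysqli $db, string $name): ?mysqli_result
{
    $stmt = $db->prepare("SELECT id FROM users WHERE name = ?");
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $res = $stmt->get_result();
    return $res instanceof mysqli_result ? $res : null;
}

// Hypothetical connection; create it yourself to run the SQL part.
if (isset($db) && $db instanceof mysqli) {
    $a = findByNameEscaped($db, $name);
    $b = findByNamePrepared($db, $name);
    var_dump($a ? $a->num_rows : null, $b ? $b->num_rows : null);   // both 0 on a normal table
}
```

Note that htmlspecialchars escapes for HTML only; a value inserted into a JavaScript string, a URL or a CSS block needs the encoder for that context, and none of the HTML functions make a value safe for SQL.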