Sanitizing inputs is an interesting concept in PHP. Sanitizing means escaping the characters in an input that the receiving interpreter (SQL, HTML or the shell) would otherwise treat as syntax rather than data. Let's learn some best practices for processing inputs in a safe and secure way.
Use the real_escape_string() function for values placed into mysqli statements.
Example
<?php
$conn = new mysqli("localhost", "root", "", "testdb");
// Escape the posted value before placing it inside a quoted SQL string literal
$street = $conn->real_escape_string($_POST['street'] ?? '');
?>
We can use htmlentities() and html_entity_decode() when inserting data into the database and when displaying it in the browser.
Example
<?php
$message = $_POST['message'] ?? '';
// At the time of insert into the database: encode special characters as HTML entities
$data['message'] = htmlentities($message);
// At the time of display in the browser: decode the stored entities
echo html_entity_decode($data['message']);
?>
Sanitize user input passed to the command prompt by using escapeshellarg().
Example
<?php
$data['dir'] = $_POST['dir'] ?? '.';
// escapeshellarg() quotes the value so the shell treats it as a single argument
system('ls ' . escapeshellarg($data['dir']));
?>
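The three contexts above in one runnable script, as an added example that is not code from the original article: the helper names, the `addresses`/`street` table and column, and the sample inputs are assumptions, and the HTML helper is applied at the point of output.

```php
<?php
// Added example, not code from the original article: one helper per context
// (SQL, HTML, shell), applied to constructed inputs that contain the characters
// each context treats specially. Table/column names, helper names and sample
// values are assumptions; the mysqli credentials are the article's.
declare(strict_types=1);

// SQL: escape the value AND keep it inside single quotes in the statement.
// real_escape_string() only protects a quoted string literal; it does nothing
// for a value spliced into an unquoted (e.g. numeric) position.
function buildStreetQuery(mysqli $conn, string $street): string
{
    $escaped = $conn->real_escape_string($street);
    return "INSERT INTO addresses (street) VALUES ('{$escaped}')";
}

// HTML: encode for output into an element body or a quoted attribute.
// ENT_QUOTES also encodes single quotes; the charset must match the page's.
function encodeForHtml(string $text): string
{
    return htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Shell: escapeshellarg() wraps the value so the shell sees exactly one token,
// whatever spaces, semicolons or quotes it contains.
function buildListCommand(string $dir): string
{
    return 'ls ' . escapeshellarg($dir);
}

// Constructed inputs: ordinary text that happens to contain special characters.
$inputs = [
    'street'  => "12 O'Brien Rd",
    'message' => '<b>Tom & Jerry</b> said "hi"',
    'dir'     => "reports; 2024's",
];

echo encodeForHtml($inputs['message']), PHP_EOL;
echo buildListCommand($inputs['dir']), PHP_EOL;

// The SQL helper needs a live connection; report instead of throwing if absent.
mysqli_report(MYSQLI_REPORT_OFF);
$conn = @new mysqli('localhost', 'root', '', 'testdb');
if ($conn->connect_errno === 0) {
    $conn->set_charset('utf8mb4');  // escaping rules depend on the connection charset
    echo buildStreetQuery($conn, $inputs['street']), PHP_EOL;
} else {
    echo 'mysqli not connected: ', $conn->connect_error, PHP_EOL;
}
```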