{"id":1285,"date":"2021-02-26T18:53:02","date_gmt":"2021-02-26T18:53:02","guid":{"rendered":"https:\/\/dft.wiki\/?p=1285"},"modified":"2021-03-16T13:17:53","modified_gmt":"2021-03-16T13:17:53","slug":"php-sql-injection-prevention","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=1285","title":{"rendered":"PHP \/ SQL Injection Prevention"},"content":{"rendered":"

Basic usage of the main PHP native functions.<\/p>\n

See PHP documentation for more details, examples and versions that they apply.<\/p>\n

strip_tags<\/strong> [Link<\/a>]<\/p>\n

$string = strip_tags($input);\r\n$string = strip_tags($input,\u00a0'<br>');\r\n$string = strip_tags($input, '<p><a>');\r\n$string = strip_tags($input, ['p',\u00a0'a']);<\/pre>\n
htmlspecialchars<\/strong> [Link<\/a>]<\/p>\n
$string = htmlspecialchars($input);\r\n$string = htmlspecialchars($input, ENT_QUOTES);<\/pre>\n
filter_var<\/strong> [Link<\/a>]<\/p>\n
$string = filter_var($input, FILTER_SANITIZE_STRIPPED);\r\n$string = filter_var($input, FILTER_VALIDATE_EMAIL);\r\n$string = filter_var($input, FILTER_VALIDATE_URL,\u00a0FILTER_FLAG_PATH_REQUIRED);\r\n$string = filter_var($input, FILTER_VALIDATE_IP<\/span>,\u00a0<\/span>FILTER_FLAG_NO_PRIV_RANGE\u00a0<\/span>|\u00a0<\/span>FILTER_FLAG_NO_RES_RANGE<\/span>);<\/pre>\n
See also Sanitize Filters [Link<\/a>] and Validate filters [Link<\/a>].<\/p>\n
mysqli_real_escape_string<\/strong> [Link<\/a>]<\/p>\n
$string = mysqli_real_escape_string($link, $input);<\/pre>\n
Other ways to filter the content of a string:<\/strong><\/p>\n
$string = str_replace(array('\"', \"'\", '`', '\u00b4', '\u00a8'), '', $input);\r\n$string = preg_replace('#[^A-Za-z\u00e0-\u017a\u00c0-\u01790-9 ]#', '', $input);\r\n$string = trim($input, \" \\n\\r\\t\\v\\0\");<\/pre>\n","protected":false},"excerpt":{"rendered":"
Basic usage of the main PHP native functions. See PHP documentation for more details, examples […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,7],"tags":[],"class_list":["post-1285","post","type-post","status-publish","format-standard","hentry","category-hacking","category-web"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1285","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1285"}],"version-history":[{"count":1,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1285\/revisions"}],"predecessor-version":[{"id":1286,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1285\/revisions\/1286"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1285"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1285"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1285"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}