Image

Popular Search Terms

Blackjack Casino News Betting News Sweepstakes NHL Betting
Home PHP Security: Sanitizing Strings, Validating Values, and Interrogating Integers

PHP Security: Sanitizing Strings, Validating Values, and Interrogating Integers

Trust no-one. Not just a tag-line for The X-Files, it’s also sound advice when dealing with data supplied by users.

Image

Whether a user is trying to do something nasty or they’ve just hit an unfortunate combination of keys, you shouldn’t assume that what you’re saving is trouble-free. Here are some tips for validating input in your PHP application.

Numbers Only

Zend Framework has a handy class called Zend_Filter_Int that will take a value and strip out any non-numeric characters. Or, you could do something like this:

$output = preg_replace("/[^0-9-.]/", "", $data);

This will allow negative numbers and decimal points.

Strip Tags, Display Tags

Don’t want any HTML? Use strip_tags. If you’d prefer to display HTML tags so a user can share a code snippet, use htmlspecialchars and the code won’t be parsed.

Escaping Strings in MySQL

Use mysql_real_escape_string to escape strings before sending them to MySQL. Or, use PDO and bind values to fields.

Use filter_input

Instead of using $_GET[‘id’], how about using filter_input instead?

$itemId = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_SPECIAL_CHARS);

You can use INPUT_POST, INPUT_COOKIE, INPUT_SERVER, or INPUT_ENV too.

What other methods do you use for sanitizing user input?

Photo by dheuer

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the gambling and blockchain industries for major developments, new product and brand launches, game releases and other newsworthy events. Editors assign relevant stories to in-house staff writers with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

tags

Related News

Pokemon hack
Pokemon hack – masses of employee data and more stolen from game developer
Paul McNally
A cinematic shot of a futuristic, empty military command centre. There's a large tactical display with a map of the UK. On the ground, there's a smartphone with a screen filled with various icons. The walls are lined with multiple screens displaying different data. The lighting is bright.
UK armed forces urged to revise smart devices in the wake of Hezbollah pager incident
Brian-Damien Morgan
A map from FlightAware
FlightAware data leak – you thought you were tracking planes, but now somebody could be tracking you – what you need to know
Paul McNally
Art from Disney's Epic Mickey Rebrushed
Disney hackers hang “inside man” out to dry as they name him and say they will release all his personal information “as a warning”
Paul McNally
'Largest password leak ever' exposes 10 billion passwords. This image depicts a dramatic digital representation of a cybersecurity breach, where two padlocks, one intact and one shattering, are shown against a dark background. The shattering padlock is emitting an explosive burst of colorful digital elements, symbolizing the release of a massive amount of data. This visualization powerfully illustrates the concept of a significant data breach, such as the leakage of numerous passwords.
‘Largest password leak ever’ exposes 10 billion credentials
Suswati Basu

Most Popular Gambling Stories

Latest News

A close-up photograph of a clean wooden desk surface with a single white envelope placed in the center. The envelope displays the word "notice" printed in bold black letters on the front, while the rest of the envelope remains completely blank with no other text or markings. The desk appears polished and uncluttered, with warm natural lighting casting subtle shadows that emphasize the stark simplicity of the scene. The envelope's crisp edges and pristine white paper create a sense of official importance against the rich wood grain texture.
Gambling

KSA issues notice to TOTO Online for violation of act
Sophie Atkinson9 hours

The Netherlands gambling authority, known as Kansspelautoriteit (KSA), has issued a notice to TOTO Online for “violating the Prevention of Money Laundering and Terrorist Financing Act." The regulator says the...

Popular TopicsArrow right.svg

Betting
Betting
Betting
Casino
Casino
Casino
Payments
Payments
Payments
Slots
Slots
Slots
Poker
Poker
Poker
Software
Software
Software