Sanitizing Data sent to Database

Question

This is code from my user registration site where data is being sent to the database. My question is if this is the correct and proper way to sanitize the data that is being sent? Also, how can I test it?

function test_input($data) { 
$data = trim($data); 
$data = stripslashes($data); 
$data = htmlspecialchars($data); 
return $data; 
}

    $email = test_input($_POST['email']);
    $firstname = test_input($_POST['firstname']);
    $lastname = test_input($_POST['lastname']);
    $user = test_input($_POST['user']);
    $pass = test_input($_POST['pass']);
    $passnew = md5($pass);

right way and also use mysqli_real_escape_string example $firstname = mysqli_real_escape_string($con, $_POST['firstname']); — JYoThI, Jul 01 '16 at 03:29
and aslo use mysqli prepared statement to avoid sql injection — JYoThI, Jul 01 '16 at 03:29
can you please show where I can incorporate mysqli_escape_string in the function? — Oceans, Jul 01 '16 at 03:49

score 0 · Answer 1 · edited May 23 '17 at 10:28

0

I guess This post answers all your questions. Moreover you'll get to know when to actually escape or sanitize user input.

edited May 23 '17 at 10:28

Community

1
1

answered Jul 01 '16 at 03:29

Asif Rahaman

775
6
10

Sanitizing Data sent to Database

1 Answers1