what is a good practice to sanitize data before it goes to database?

Question

I have all of the following data types that I tried to use filters to santize them but I got zeros in the database instead of the actual data. So my question is what is a best practice to sanitize each one of these data types so that actual data goes into the database not zeros.

Also i hope I can ask this question too: What if user wants to update 1 of these fields and leave the rest as they were entered before, would the new post delete the others in the database?

Here is my code:

<?php 
require('included/header.php'); 

$database = new Database;


if(isset($_POST['submit'])) {
    $fname = $_POST['fname'];    
    $lname = $_POST['lname'];    
    $profession = $_POST['profession'];  
    $phone = $_POST['phone'];  
    $fax = $_POST['fax'];  
    $filtered_email = $_POST['email'];   
    $workbio = $_POST['workbio'];  
    $employers = $_POST['employers'];  
    $years = $_POST['years_in_industry'];
    // $radio = isset($_POST['radio']);

    $database->query('INSERT INTO users (firstname, lastname, profession, phone, fax, email, projects, companies, exp_years) 
                VALUES 
                (:fname, :lname, :profession, :phone, :fax, :email, :workbio, :employers, :years_in_industry)');


$database->bind(':fname', $fname);
$database->bind(':lname', $lname);
$database->bind(':profession', $profession);
$database->bind(':phone', $phone);
$database->bind(':fax', $fax);
$database->bind(':email', $filtered_email);
$database->bind(':workbio', $workbio);
$database->bind(':employers', $employers);
$database->bind(':years_in_industry', $years);

$database->execute();

if($database->lastInsertId()) 
    {
        echo "<p>Profile Updated!</p>";
    }
}
?>

You don't need to sanitize the data. Check that the form is valid and if it is, insert the values. Atm you are inserting data as long as the form is submitted, you probably want to validate that at least the email address is a valid email. — JimL, Jul 10 '16 at 08:50
@JimL thanks Jim. But can I ask you another question too please? That is: I have several fields. They all belong to profile page. Now lets say if a user wants to update their name but not the rest of their info. Well, if they update one field and leave the rest, would the rest become null since they would have no value for second time posting. — Ramin K, Jul 10 '16 at 09:00
if you have an edit profile form you'd normally fetch the user data and set the existing values in the form. Meaning the form will be populated as the user will be stored as expected. — JimL, Jul 10 '16 at 09:18

what is a good practice to sanitize data before it goes to database?

0 Answers0