Christopher Juckins

SysAdmin Tips, Tricks and other Software Tools


Sanitize PHP for Malicious User Input

All PHP input needs to be sanitized. For example, instead of just doing:

  $id = $_GET["id"];

change it to be something like:

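// FILTER_SANITIZE_STRING is deprecated since PHP 8.1, so read the raw value.
// filter_input() returns null if "id" is absent and false if it is an array.
$id = filter_input(INPUT_GET, 'id', FILTER_UNSAFE_RAW);
// Allowlist: "al" or "ep" followed by exactly two digits.
// \z anchors at the true end of the string; a bare $ also matches
// just before a trailing newline.
if (!is_string($id) || !preg_match('/^(al|ep)\d\d\z/', $id)) {
  $id = "";
}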
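
The allowlist check above as a reusable function, run over constructed inputs (an added example, not code from the original page; `clean_id()` and the sample values are assumptions). It also compares the `$` anchor with `\z` to show that a bare `$` accepts a value ending in a newline.

```php
<?php
// Hypothetical helper (not from the original page): returns the value only
// if it matches the allowlist, otherwise "" as in the page's fallback.
function clean_id($raw): string
{
    // Missing parameters (null) and arrays (?id[]=x) are rejected outright.
    if (!is_string($raw)) {
        return "";
    }
    // "al" or "ep" plus exactly two digits; \z is the true end of the string.
    return preg_match('/^(al|ep)\d\d\z/', $raw) === 1 ? $raw : "";
}

// Same pattern with a bare $ anchor, kept only for comparison.
function loose_match($raw): bool
{
    return is_string($raw) && preg_match('/^(al|ep)\d\d$/', $raw) === 1;
}

// Constructed sample inputs: two valid ids, then values that must be rejected.
$samples = [
    'al01',
    'ep99',
    "al01\n",                      // trailing newline: passes $, fails \z
    'al1',                         // too short
    'AL01',                        // wrong case
    "al01' OR '1'='1",             // extra characters after a valid prefix
    '<script>alert(1)</script>',   // markup
    ['al01'],                      // array instead of string
    null,                          // parameter absent
];

printf("%-32s %-8s %s\n", 'input', '$ match', 'clean_id()');
foreach ($samples as $s) {
    printf(
        "%-32s %-8s %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        loose_match($s) ? 'yes' : 'no',
        json_encode(clean_id($s))
    );
}
```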
sanitizing_php_for_malicious_user_input.txt · Last modified: 2025/03/20 19:11 by juckins