Last Updated: February 25, 2016
· soultheory

PHP Validate Input Function

A custom input validation function. It protects against MySQL injection and URL exploitations. In short, it is a great function for validating user input (for example, in login forms or email forms).

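function validate($input)
{
    // Drop characters outside the allow-list, HTML-encode, trim, then strip the listed characters.
    return str_replace(array('\\','(',')','#', ';','&', '%', ' '),'',trim(htmlspecialchars(preg_replace('/[^a-zA-Z0-9_ %\[\]\.\(\)%&-]/s', '', $input), ENT_QUOTES)));
}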

3 Responses


Did you consider using filter_var?

over 1 year ago ·

Hey, thanks. Yes, I considered it. My function returns a sanitized string. I should have named it sanitizer to differentiate what I meant. The function is intended for those people who, for some strange reason, don't use PDO and are subject to SQL injection.

over 1 year ago ·

Anybody not using PDO should be using mysql_real_escape_string

over 1 year ago ·
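
An added example, not part of the original post or its responses: it runs the function above on constructed inputs, then handles the same inputs with the two alternatives the responses name, filter_var and PDO prepared statements. The in-memory SQLite database, the users table and the helper names add_user() and find_by_name() are assumptions made for illustration.

```php
<?php
// Added illustration: the SQLite database, users table and helpers are hypothetical.

// The function from the post, reproduced so its output can be inspected.
function validate($input)
{
    return str_replace(array('\\','(',')','#', ';','&', '%', ' '),'',trim(htmlspecialchars(preg_replace('/[^a-zA-Z0-9_ %\[\]\.\(\)%&-]/s', '', $input), ENT_QUOTES)));
}

// Constructed samples: an email, a surname with an apostrophe, an injection probe.
$samples = array('alice@example.com', "O'Brien", "x' OR '1'='1");
foreach ($samples as $s) {
    // Characters outside the function's allow-list are dropped, so compare
    // each returned string with what was typed.
    printf("%-20s => %s\n", $s, validate($s));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT)');

function add_user(PDO $pdo, $email, $name)
{
    // Validate the format and reject bad input instead of rewriting it.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    // Placeholders keep data out of the SQL text; values are bound separately.
    $stmt = $pdo->prepare('INSERT INTO users (email, name) VALUES (:email, :name)');
    $stmt->execute(array(':email' => $email, ':name' => $name));
    return (int) $pdo->lastInsertId();
}

function find_by_name(PDO $pdo, $name)
{
    $stmt = $pdo->prepare('SELECT email, name FROM users WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

add_user($pdo, 'alice@example.com', "O'Brien");
foreach ($samples as $s) {
    // Each sample is compared as a literal value, never parsed as SQL.
    printf("%-20s => %d row(s)\n", $s, count(find_by_name($pdo, $s)));
}
// HTML-escape at output time, not before storage.
foreach (find_by_name($pdo, "O'Brien") as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Run it with the PHP CLI (the pdo_sqlite extension is required) and compare the first block of output, where the inputs are altered, with the second, where they are stored and matched unchanged.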