PHP Validate Input Function
A custom input validation function. It protects against MySQL injection and URL exploits. In short, it is a great function for validating user input (for example, in login forms or email forms).
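function validate($input)
{
    // Keep only allow-listed characters.
    $clean = preg_replace('/[^a-zA-Z0-9_ %\[\]\.\(\)%&-]/s', '', $input);
    // Strip the remaining special characters before encoding, so '&' does not leave a stray "amp" behind.
    $clean = str_replace(array('\\', '(', ')', '#', ';', '&', '%', ' '), '', $clean);
    return htmlspecialchars(trim($clean), ENT_QUOTES);
}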
Written by Kadeem
3 Responses
Hi,
did you consider using filter_var? http://php.net/manual/en/function.filter-var.php
over 1 year ago
·
Hey, thanks. Yes, I considered it. My function returns a sanitized string. I should have named it sanitizer to differentiate what I meant. The function is intended for those people who, for some strange reason, don't use PDO and are subject to SQL injection.
over 1 year ago
·
Anybody not using PDO should be using mysql_real_escape_string http://php.net/manual/en/function.mysql-real-escape-string.php
over 1 year ago
·
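The approach the responses point to (filter_var for validation, PDO bound parameters for the query), as an added example that is not part of the original post or its comments: input is validated and rejected rather than rewritten, so values containing characters the function above strips ('@', an apostrophe, '&', a space) are stored intact. The `contacts` table, the helper names and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
// Added example, not code from the original post. Table and helper names
// are constructed; assumes the pdo_sqlite extension so it runs offline.

// Validate an e-mail address without rewriting it; null means "reject".
function checked_email(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Store a contact through bound parameters: the values never become SQL text.
function save_contact(PDO $db, string $name, string $rawEmail): bool
{
    $email = checked_email($rawEmail);
    if ($email === null) {
        return false; // reject invalid input instead of "repairing" it
    }
    $stmt = $db->prepare('INSERT INTO contacts (name, email) VALUES (:name, :email)');
    return $stmt->execute([':name' => $name, ':email' => $email]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (name TEXT, email TEXT)');

// Constructed sample input: legitimate values containing characters
// ('@', an apostrophe, '&', a space) that the function on this page strips.
$samples = [
    ["Miles O'Brien", 'miles@example.com'],
    ['Tom & Jerry',   'not-an-email'],
];
foreach ($samples as [$name, $email]) {
    $ok = save_contact($db, $name, $email);
    printf("%-15s %-20s %s\n", $name, $email, $ok ? 'stored' : 'rejected');
}

// Read back with a bound parameter and encode only at HTML output time.
$find = $db->prepare('SELECT name, email FROM contacts WHERE name = :name');
$find->execute([':name' => "Miles O'Brien"]);
foreach ($find->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES), ' - ',
         htmlspecialchars($row['email'], ENT_QUOTES), "\n";
}
```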