Last Updated: February 25, 2016
· soultheory

PHP Validate Input Function

A custom input validation function. It protects against MySQL injection and URL exploitations. In short, it is a great function for validating user input (examples such as login forms or email forms).

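function validate($input)
{
    // Keep only letters, digits, underscore, space and % [ ] . ( ) & -
    $clean = preg_replace('/[^a-zA-Z0-9_ %\[\]\.\(\)%&-]/s', '', $input);
    // Strip the remaining characters before encoding, so "&" is not left behind as "amp"
    $clean = str_replace(array('\\', '(', ')', '#', ';', '&', '%', ' '), '', $clean);
    return trim(htmlspecialchars($clean, ENT_QUOTES));
}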

3 Responses

hi,

did you consider using filter_var? http://php.net/manual/en/function.filter-var.php

over 1 year ago ·

Hey, thanks. Yes, I considered it. My function returns a sanitized string. I should have named it sanitizer to differentiate what I meant. The function is intended for those people who, for some strange reason, don't use PDO and are subject to SQL injection.

over 1 year ago ·
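
An added example (not from the post or its commenters) that runs the post's character rules and a PDO bound parameter, the approach the reply above refers to, over the same inputs. It assumes the pdo_sqlite extension is available; the users table and the sample inputs are constructed.

```php
<?php
// Added example. Assumes pdo_sqlite; table name and sample values are constructed.

// Character rules taken from validate() in the post, so this file runs stand-alone.
function validate($input)
{
    $clean = preg_replace('/[^a-zA-Z0-9_ %\[\]\.\(\)%&-]/s', '', $input);
    $clean = str_replace(array('\\', '(', ')', '#', ';', '&', '%', ' '), '', $clean);
    return trim(htmlspecialchars($clean, ENT_QUOTES));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)');

// Constructed inputs: two legitimate values and one injection-shaped string.
$samples = array(
    "o'brien@example.com",
    "Anne Marie",
    "x' OR '1'='1",
);

$insert = $pdo->prepare('INSERT INTO users (email) VALUES (:email)');
$lookup = $pdo->prepare('SELECT COUNT(*) FROM users WHERE email = :email');

foreach ($samples as $raw) {
    // Bound parameter: the value is sent separately from the SQL text,
    // so quotes in it are data and never part of the statement.
    $insert->execute(array(':email' => $raw));
}

foreach ($samples as $raw) {
    $lookup->execute(array(':email' => $raw));
    $matches = (int) $lookup->fetchColumn();
    $lookup->closeCursor();

    printf("raw:      %s\n", $raw);
    // The sanitizer rewrites the value; legitimate characters such as ' and @ are lost.
    printf("validate: %s\n", validate($raw));
    // The bound value is stored byte for byte and matches only its own row.
    printf("bound:    stored unchanged, lookup matched %d row(s)\n\n", $matches);
}
```

Run it with the PHP command-line interpreter; each input prints its sanitized form next to the row count returned by the bound-parameter lookup.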

Anybody not using PDO should be using mysql_real_escape_string http://php.net/manual/en/function.mysql-real-escape-string.php

over 1 year ago ·