Validating User Input in PHP
You can use this function to check the numeric values. To achieve this we need to validate it not only with our basic sanity checks but also with a regular expression, or 'regex'.
This can be anything from bypassing access controls to executing system commands.
This is by no means confined to MySQL; PostgreSQL and others are just as vulnerable.
For an excellent description of this, consult The PHP Manual section on SQL Injection. So, before we insert our data, let's put together a little table in the test database of MySQL.
This will save the honest users from their own stupidity. With the maxlength set in our form, we can prevent most users from accidentally entering strings of 2 megabytes or something silly. As you can see in our form, the action is $_SERVER['PHP_SELF'], so that it posts to itself, and htmlentities is applied to ensure safety against Cross Site Scripting (XSS). For now, we will check the inputs that we know are strings.
We have 5 input fields named: With this in mind, we can now begin to check them individually for content. As PHP is loosely typed, all your information from the form will be a string. We know from our maxlengths the maximum length our string should be.
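
The checks described above, as an added example that is not code from the original page: the server re-applies the form's maxlength limits (only the browser enforces the attribute itself), confirms each value really is a string, and checks the numeric field with a regex. The field names `userName` and `userAge`, their limits, and the sample submissions are hypothetical, since the page's own field list is not shown.

```php
<?php
// Hypothetical field names and limits; they mirror the form's maxlength
// attributes, which the server cannot rely on the browser to enforce.
const MAX_LENGTHS = ['userName' => 25, 'userAge' => 3];

/** Validate raw form input. Returns [clean values, error messages]. */
function validateForm(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (MAX_LENGTHS as $field => $max) {
        $value = $input[$field] ?? null;
        // Form values normally arrive as strings, but name[]=x arrives as an array.
        if (!is_string($value) || $value === '') {
            $errors[$field] = 'missing or not a string';
            continue;
        }
        if (strlen($value) > $max) {
            $errors[$field] = "longer than $max bytes";
            continue;
        }
        $clean[$field] = $value;
    }
    // Numeric field: digits only. \A and \z anchor the whole string, so "42\n"
    // is rejected (a plain $ would accept the trailing newline).
    if (isset($clean['userAge'])) {
        if (preg_match('/\A[0-9]{1,3}\z/', $clean['userAge']) === 1) {
            $clean['userAge'] = (int) $clean['userAge'];
        } else {
            $errors['userAge'] = 'not a whole number';
            unset($clean['userAge']);
        }
    }
    return [$clean, $errors];
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['userName' => 'alice', 'userAge' => '42'],
    ['userName' => str_repeat('A', 2000), 'userAge' => "42\n"],
    ['userName' => ['x'], 'userAge' => '4e1'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validateForm($post);
    // Escape on output, as the form does for its action attribute.
    $json = (string) json_encode(['clean' => $clean, 'errors' => $errors]);
    echo htmlentities($json, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```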