1 Star2 Stars3 Stars4 Stars5 Stars (16 votes, average: 5.00 out of 5)

SANITIZE STRINGS BEFORE INSERTING INTO DATABASE PHP MYSQL AJAX JQUERY

You need to sanitize your string before you insert them into your databases. We show you how to do that in this lesson with “FILTER_SANITIZE_STRING”, “FILTER_SANITIZE_EMAIL” and “FILTER_FLAG_STRIP_HIGH”. We use jQuery and AJAX to pass the variables to the processor. This lesson is a continuation of the last lesson Create Secure Password Sign Up Script With PHP jQuery and AJAX.

Resources for Sanitizing a String in PHP *

There are several different ways of sanitizing a string before you insert it into your database. Here are a few.

  • FILTER_SANITIZE_EMAIL This will create a filter for email addresses. In the video tutorial I put a flag on this sanitize function but that is not necessary. I corrected it in the code below.
  • FILTER_SANITIZE_ENCODED This will encode a URL string.
  • FILTER_SANITIZE_MAGIC_QUOTES This will use the addslashes() PHP function to escape quotes.
  • FILTER_SANITIZE_STRING This will strip tags and encode special characters.

See a complete list here at php.net.

mysqli_real_escape_string *

We also use mysqli_real_escape_string to sanitize strings when inserting into our database. This will escape special characters in a string to use in mysql.

This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.

Scripts for this tutorial located here.

SANITIZE STRINGS BEFORE INSERTING INTO DATABASE PHP MYSQL AJAX JQUERY was last modified: June 11th, 2017 by Maximus Mccullough

SANITIZE STRINGS BEFORE INSERTING INTO DATABASE PHP MYSQL AJAX JQUERY

Pages: 1 2 Next

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.