

Sanitize User Input Text with PHP

When you prompt a user to input text (e.g. a username or last name), you can use regular expressions to sanitize the input. For example:

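Allow spaces and any Unicode letter:

// preg_match() returns false on error (e.g. malformed UTF-8 with /u), so reject anything but 0
if (preg_match("/[^\040\pL]/u", $term) !== 0) {
	die('invalid characters');
}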

Allow spaces, any Unicode letter or digit, underscore and dash:

// Same check with digits (\pN), underscore and dash added to the allowed set
if (preg_match("/[^\040\pL\pN_-]/u", $term) !== 0) {
	die('invalid characters');
}

Never trust user input: it can carry SQL injection or other types of attacks. You may use prepared statements when you insert user data into the database, but the first step is to sanitize user input.
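The two steps together, as an added example that is not code from the original page: the second allow-list pattern above wrapped in a strict check, followed by a prepared-statement insert. The helper name is_valid_term, the users table and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions made for the illustration, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: true only if $term is non-empty, valid UTF-8 and made
// up solely of spaces, Unicode letters/digits, underscore and dash.
function is_valid_term(string $term): bool
{
    if ($term === '') {
        return false;
    }
    // preg_match() returns 1 on a match, 0 on no match and false on error
    // (for example malformed UTF-8 under the /u modifier). Only an exact 0
    // means "no disallowed character was found".
    return preg_match('/[^\040\pL\pN_-]/u', $term) === 0;
}

// Constructed sample inputs.
$samples = [
    'José Nuñez-2',
    "x' OR '1'='1",
    "abc\xFF",      // malformed UTF-8: preg_match() returns false here
    '',
];

// In-memory SQLite database so the example runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');

foreach ($samples as $term) {
    if (!is_valid_term($term)) {
        echo 'rejected: ', json_encode($term, JSON_INVALID_UTF8_SUBSTITUTE), PHP_EOL;
        continue;
    }
    // The value is bound as data, never concatenated into the SQL text.
    $insert->execute([':name' => $term]);
    echo 'stored:   ', $term, PHP_EOL;
}

echo 'rows: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), PHP_EOL;
```

A plain truthiness test such as if (preg_match(...)) treats the false returned for malformed UTF-8 the same as "no invalid characters", so the comparison against 0 is what keeps such input out.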

