Don't Reject Something

Imam Ali Mustofa - Mar 25 '21 - Dev Community

Hi there,

In line with the title (I won't say it again), I warn you once more: don't waste a minute of your time reading this article, because it is useless.

Sanitize database inputs

When inserting data into your database, you have to be really careful about SQL injection and other attempts to insert malicious data into the database. The function below is probably the most complete and efficient way to sanitize a string before using it with your database.

<?php

// Quoted from the CSS-Tricks snippet linked at the end of the post. Two of the
// functions it relies on no longer exist in current PHP: get_magic_quotes_gpc()
// has returned false since PHP 5.4 and was removed in PHP 8.0, and
// mysql_real_escape_string() was removed in PHP 7.0 together with the mysql
// extension, so this code only runs as written on PHP 5.x.

function cleanInput($input) {

    $search = array(
        '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
        '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
        '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
        '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
    );

    $output = preg_replace($search, '', $input);
    return $output;
}

function sanitize($input) {
    if (is_array($input)) {
        $output = array();   // initialise so an empty array returns array(), not null
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    }
    else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input  = cleanInput($input);
        // Escapes the value for use inside a MySQL string literal only;
        // it does not make the value safe in any other SQL or HTML context.
        $output = mysql_real_escape_string($input);
    }
    return $output;
}
?>

Here are some examples of use:

<?php
  $bad_string = "Hi! <script src='http://www.evilsite.com/bad_script.js'></script> It's a good day!";
  $good_string = sanitize($bad_string);
  // $good_string is "Hi!  It\'s a good day!" (the removed script tag leaves
  // the two surrounding spaces behind, and the apostrophe is escaped)

  // Also use for getting POST/GET variables
  $_POST = sanitize($_POST);
  $_GET  = sanitize($_GET);
?>

In my opinion, this is a very tedious and addictive step in the code of the application you are currently developing. There are too many functions and techniques that make your job as a PHP developer difficult.

So, it's better not to write a line of the above code in the code you are working on. Even when there is an injection into your database or your client's, it will add a surprising new variety to your day and get your adrenaline pumping as a programmer, whether in the form of angry clients or warning letters from project managers.
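The approach current PHP practice uses in place of the escaping and tag-stripping shown above, as an added example (not code from this post or from the CSS-Tricks snippet): a PDO prepared statement sends the value to the driver separately from the SQL text, so nothing inside it can change the statement, and HTML escaping is applied at output time where the context is known. It assumes the pdo_sqlite extension is available and uses an in-memory database with a table constructed for the demo.

```php
<?php
// Added example, not part of the original post or the CSS-Tricks snippet.
// Assumes the pdo_sqlite extension; the table and sample input are constructed here.

function openDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $db;
}

// The value is bound as a parameter, so quotes, tags or comment markers in
// $body are stored as data and can never alter the shape of the statement.
function insertComment(PDO $db, string $body): int {
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function fetchComment(PDO $db, int $id): ?string {
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['body'];
}

// HTML escaping belongs at output time, for the HTML context, rather than
// being stripped from the data on the way into the database.
function renderComment(string $body): string {
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

$db = openDemoDb();
// Same sample string the post uses, including the script tag and the apostrophe.
$input = "Hi! <script src='http://www.evilsite.com/bad_script.js'></script> It's a good day!";
$id = insertComment($db, $input);
$stored = fetchComment($db, $id);
var_dump($stored === $input);     // bool(true): stored verbatim, apostrophe intact
echo renderComment($stored), PHP_EOL;  // tags appear as &lt;script ...&gt; text, not markup
```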

Thank you for reading this useless article, because what I say is true and may or may not be true. There is absolutely no benefit.

Source Code From:
https://css-tricks.com/snippets/php/sanitize-database-inputs/
