etutorialspoint

PHP sanitize input for MySQL

In this article, you will learn how to sanitize user input for MySQL using PHP.

Data sanitization is a vital part of web development, particularly when working with a form where the user first enters their own information and the application then sends it to the database. Code injection is one of the oldest injection techniques attackers use to abuse web applications. If an attacker is able to embed a malicious query fragment as input, that input may read significant information from your database, erase some data, or even erase the entire database. This is one of the most common ways web applications get exploited: with it an attacker can bypass transaction logic, become an administrator of the database, or even alter a bank balance. Before looking at prevention techniques, let's first see how an attacker attacks the database.

SQL Injection 1=1

Suppose there is a table named 'company' in the database and 'cmp_name' is one of its fields. In the front end, there is a search module that selects company information by company name. In the controller, we usually compose the query to fetch the searched company name as -

$query = "SELECT * FROM company WHERE cmp_name = '$cmpname' ";

Suppose the attacker goes to this search module in the front end and, instead of a company name, enters the text below in the company name field:

 OR '1' = '1'

At this point the select query becomes -

$query = "SELECT * FROM company WHERE cmp_name = '$cmpname' OR '1' = '1' ";

Since the condition '1' = '1' always evaluates to true, the query executes and fetches every row from the company table. In this way the attacker can read all the company data. The root cause is that the user's input is concatenated into the SQL text, so quote characters inside it change the structure of the query rather than being treated as data. Therefore, to protect the database from attackers, it is important to validate and sanitize the user-entered information before sending it to the database.
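The same company search written so that the input can never change the query structure, as an added example that is not part of the original article: the SQL text is fixed and the value is bound as a parameter with PDO prepared statements. It assumes a PDO connection to a MySQL database containing the 'company' table described above; the DSN, user name, password and the GET field name 'cmpname' are placeholders.

```php
<?php
// Added example (not from the original article): parameterized version of
// the company search. Connection details below are placeholders.
declare(strict_types=1);

function connect(): PDO
{
    $dsn = 'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4'; // placeholder DSN
    return new PDO($dsn, 'app_user', 'app_password', [      // placeholder credentials
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

/**
 * The article's vulnerable query, kept only for side-by-side comparison and
 * never called here: $cmpname is pasted into the SQL text, so quotes in the
 * input become part of the statement.
 */
function searchCompanyVulnerable(PDO $pdo, string $cmpname): array
{
    $query = "SELECT * FROM company WHERE cmp_name = '$cmpname'";
    return $pdo->query($query)->fetchAll();
}

/**
 * Hardened version: the statement text contains only a placeholder. MySQL
 * parses it before the value arrives, so the value is always compared as a
 * plain string and can never be interpreted as SQL.
 */
function searchCompany(PDO $pdo, string $cmpname): array
{
    $stmt = $pdo->prepare('SELECT * FROM company WHERE cmp_name = :name');
    $stmt->execute([':name' => $cmpname]);
    return $stmt->fetchAll();
}

// Usage: read the search field from the request (null when absent).
$cmpname = (string) (filter_input(INPUT_GET, 'cmpname') ?? '');

try {
    $pdo = connect();
    foreach (searchCompany($pdo, $cmpname) as $row) {
        // Output encoding for HTML is a separate concern from SQL
        // parameterization; both are needed.
        echo htmlspecialchars($row['cmp_name'], ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
} catch (PDOException $e) {
    // Log the detail server-side; do not echo driver messages to the user.
    error_log($e->getMessage());
    echo "Search is temporarily unavailable.\n";
}
```

With the hardened function, the ` OR '1' = '1'` text from the article is sent to MySQL as the value of `:name`, compared literally against `cmp_name`, and matches no row. Setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO use the server's own prepared statements instead of escaping values client-side, which is the behaviour the explanation above relies on.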

PHP provides several filter constants for sanitizing data with filter_var(). For example, passing FILTER_SANITIZE_EMAIL removes characters that are not allowed in an email address. Note that sanitizing does not validate the data: the result is still just a string with some characters removed, so check it separately with the matching FILTER_VALIDATE_* filter. These are some examples of the sanitize filter constants -

PHP Sanitize Email

The PHP constant FILTER_SANITIZE_EMAIL is used to sanitize an email address. It removes all illegal characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].

Example -
<?php

// Constructed sample address (the original page's address was hidden by a
// spam-protection script); the parentheses and slashes are not legal in an
// address and will be stripped by the sanitizer.
$email = "john(.doe)@exa//mple.com";

// Sanitizing the email: removes characters that cannot appear in an address
$email = filter_var($email, FILTER_SANITIZE_EMAIL);

// Validating: filter_var() returns the value on success and false on failure
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    echo("$email is valid");
} else {
    echo("$email is invalid");
}
?>




PHP Sanitize String

The PHP constant FILTER_SANITIZE_STRING is used to sanitize a string: it strips HTML tags and HTML-encodes single and double quotes. This filter is deprecated as of PHP 8.1; on current versions use strip_tags() to remove tags or, better, keep the raw string and encode it with htmlspecialchars() at the point where it is written into HTML.

<?php

$str = "<h2>Welcome to ETUTORIALSPOINT</h2>";
// Strips the <h2> tags, leaving "Welcome to ETUTORIALSPOINT"
// (deprecated since PHP 8.1; strip_tags($str) gives the same result here)
$str_new = filter_var($str, FILTER_SANITIZE_STRING);
echo $str_new;

?>


PHP Sanitize URL

The PHP constant FILTER_SANITIZE_URL removes all characters except letters, digits and $-_.+!*'(),{}|\\^~[]`<>#%";/?:@&= from the URL string.

<?php

$url = "https://www.etutorialspoint.com";

// URL sanitizer: strips characters that cannot appear in a URL
$url = filter_var($url, FILTER_SANITIZE_URL);

// URL validator: returns the URL on success and false on failure
if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
    echo("$url is valid");
} else {
    echo("$url is invalid");
}
?>


PHP Sanitize Encoded

The PHP constant FILTER_SANITIZE_ENCODED URL-encodes a string. Combined with the FILTER_FLAG_STRIP_HIGH flag it also strips characters with a byte value above 127, such as the Å characters in the example below.

<?php
   $url = "www.etutorialspointÅÅ.com";
   // URL-encode the string and drop the non-ASCII bytes (FILTER_FLAG_STRIP_HIGH)
   $url = filter_var($url, FILTER_SANITIZE_ENCODED, FILTER_FLAG_STRIP_HIGH);
   echo $url;
?>


PHP Sanitize Number Input

The PHP constant FILTER_SANITIZE_NUMBER_INT removes all characters except digits and the plus and minus signs. The result is not necessarily a valid integer, so validate it afterwards with FILTER_VALIDATE_INT.

<?php
  $number = "2-5+1qf";

  // Drops the 'q' and 'f'; var_dump() prints string(5) "2-5+1",
  // which FILTER_VALIDATE_INT would still reject
  var_dump(filter_var($number, FILTER_SANITIZE_NUMBER_INT));
?>
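The sanitize filters above only remove characters; they do not tell you whether what is left is acceptable. As an added example that is not part of the original article, the following validates a whole form submission with the FILTER_VALIDATE_* filters and FILTER_NULL_ON_FAILURE, so that a field which fails validation is reported instead of a partially stripped value reaching the database. The form field names, the numeric range and the length limit are assumptions for illustration, and the input array is constructed to stand in for $_POST.

```php
<?php
// Added example (not from the original article): validate, don't just sanitize.
declare(strict_types=1);

// Constructed input standing in for $_POST. The values reuse the article's
// sample strings so the difference from the sanitize filters is visible.
$form = [
    'email'     => 'john(.doe)@exa//mple.com', // placeholder address
    'website'   => 'https://www.etutorialspoint.com',
    'employees' => '2-5+1qf',
    'cmp_name'  => '<h2>Welcome</h2>',
];

// One rule per field; limits are assumptions for this example.
$rules = [
    'email'     => ['filter' => FILTER_VALIDATE_EMAIL,
                    'flags'  => FILTER_NULL_ON_FAILURE],
    'website'   => ['filter' => FILTER_VALIDATE_URL,
                    'flags'  => FILTER_NULL_ON_FAILURE],
    'employees' => ['filter'  => FILTER_VALIDATE_INT,
                    'flags'   => FILTER_NULL_ON_FAILURE,
                    'options' => ['min_range' => 1, 'max_range' => 100000]],
    // No FILTER_SANITIZE_STRING (deprecated since PHP 8.1): keep the raw
    // text, bound its length, and encode it on output instead.
    'cmp_name'  => ['filter' => FILTER_DEFAULT],
];

/**
 * Returns [validated values, error messages]. With FILTER_NULL_ON_FAILURE a
 * null means the field failed validation; with add_empty=true a field that
 * is missing from the input is also null.
 */
function validateForm(array $input, array $rules): array
{
    $clean  = filter_var_array($input, $rules, true);
    $errors = [];
    foreach ($rules as $field => $rule) {
        if (!array_key_exists($field, $clean) || $clean[$field] === null) {
            $errors[$field] = "$field is missing or invalid";
        }
    }
    // Free-text field: enforce a length limit (100 is an assumed limit).
    if (isset($clean['cmp_name']) && mb_strlen($clean['cmp_name']) > 100) {
        $errors['cmp_name'] = 'cmp_name is too long';
    }
    return [$clean, $errors];
}

[$clean, $errors] = validateForm($form, $rules);

if ($errors !== []) {
    // For the constructed input this reports 'email' (parentheses and
    // slashes are not legal) and 'employees' ('2-5+1qf' is not an integer,
    // and neither is the '2-5+1' that FILTER_SANITIZE_NUMBER_INT would produce).
    foreach ($errors as $msg) {
        echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'), "\n";
    }
} else {
    // cmp_name still contains the <h2> tags: encode when rendering HTML and
    // bind it as a parameter when it goes into a query.
    echo htmlspecialchars($clean['cmp_name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Validation answers "is this value acceptable?" with a yes or no, which is what a database insert needs; sanitizing silently repairs the value, so a wrong value such as '2-5+1' can look clean and still be rejected by the integer column later. Either way, the value is passed to MySQL as a bound parameter, never concatenated into the SQL text.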



