Possible Duplicate:
Best way to prevent SQL injection in PHP?
My html web form in the php site takes data from the client side and puts it into the mysql database. I was wondering the steps needed to sanitize the data before storing it into mysql.
Assuming this sanitization would need to be performed using PHP and then inserted into Mysql, could you please let me know what all needs to be taken care of?
As a special case, apart from general sanitization, I would want to remove all special characters, spaces, and convert all characters into their lower case before putting into the database. What are the functions that I need to look at for doing this?
I’m quite new to php.
Thanks.
1.mysqli_real_escape_string() or mysql_real_escape_string() to escape quotes
2.use php filter_input for other form data
There are other options into php manual here is link
http://php.net/manual/en/function.filter-input.php
http://www.php.net/manual/en/filter.filters.sanitize.php