Security should always be the first thing to consider, right? I think this question

Question

0

Asked: May 25, 20262026-05-25T16:03:13+00:00 2026-05-25T16:03:13+00:00

Security should always be the first thing to consider, right? I think this question

0

Security should always be the first thing to consider, right? I think this question is so important that someone should have asked before, but I didn’t find a satisfying answer for me in search results.

I need both to store user’s article contents in database and output it safely. But there’s so many ways to do this. I can do this using filter_var() ,strip_tags(), mysql_real_escape_string(),stripslashes()…etc. I can’t chose one to use, and i can’t confirm whether it’s safe enough to use one of them.

What is the best practice for sanitizing input and output?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-25T16:03:13+00:00

Simple: Don’t filter input. Escape output.

When you put something in a MySQL query with the mysql extension, use mysql_real_escape_string. (Even better, switch to PDO and use prepared statements.)
When you print something in a HTML page, use htmlspecialchars.
When you put something in a shell command, use escapeshellcmd/escapeshellarg.
For urls, use urlencode

See this answer too: PHP escaping input variables

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Security should always be the first thing to consider, right? I think this question

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply