This is one of the things that I really don’t get. I know that it’s super-important to escape any user-sent data. There are a lot of methods for doing that: stripslashes() (removes backslashes), strip_tags() (removes HTML and PHP tags), htmlSpecialChars() (for example, changes & to &amp;), regexes (preg_match()) to not allow processing of “bad” data.
When to use, how to use, why to use?
If you take the contents of, say, `$_POST['album_name']`, and output it directly on your page, then someone could submit HTML and JavaScript, which would then become a part of the page, and now your site is hacked.

Or, you could take the contents of `$_POST['album_name']` and put it into an SQL query. But the user has written their own SQL query, which you have now run, and now your database is hacked. http://xkcd.com/327/
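The two contexts from the answer side by side, as an added example that is not part of the original thread: the same untrusted string is rendered into HTML (where `htmlspecialchars()` is the right tool) and used in a query (where a prepared statement, not an escaping function, is the right tool). The table name, column names and sample input are assumptions; the demo uses an in-memory SQLite database via PDO.

```php
<?php
// Added example, not code from the original thread. Escaping is context-specific:
// the function that makes data safe for HTML does nothing for SQL, and vice versa.
declare(strict_types=1);

// Constructed sample input standing in for $_POST['album_name'].
$albumName = "Summer <script>alert(1)</script> & 'Friends'";

// --- Context 1: HTML page body ---------------------------------------------
// Unsafe: raw interpolation lets any tags in the input become part of the page.
function renderUnsafe(string $name): string
{
    return "<h1>Album: $name</h1>";
}

// Safe: htmlspecialchars() turns <, >, &, " and ' into entities, so the browser
// displays them as text instead of parsing them as markup. Note that strip_tags()
// is not a substitute: it removes tags but leaves & and quotes untouched.
function renderSafe(string $name): string
{
    $escaped = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h1>Album: $escaped</h1>";
}

// --- Context 2: SQL query ---------------------------------------------------
// Unsafe: concatenating into the query text lets quote characters in the input
// change the structure of the query, which is the injection the answer describes.
function queryUnsafe(PDO $db, string $name)
{
    return $db->query("SELECT id FROM albums WHERE name = '$name'");
}

// Safe: a prepared statement sends the value separately from the SQL text, so the
// input is only ever treated as data. No escaping function is needed here at all.
function querySafe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id FROM albums WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demonstration (assumes the pdo_sqlite extension is available).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE albums (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO albums (name) VALUES ('Summer')");

echo renderUnsafe($albumName), PHP_EOL; // the <script> tag survives intact
echo renderSafe($albumName), PHP_EOL;   // the tag is shown as harmless text
print_r(querySafe($db, $albumName));    // empty array: matched literally, no injection
```

`stripslashes()` from the question belongs to neither context; it only undoes the backslashes that the old magic_quotes setting added to input, and it does not make data safe for HTML or SQL.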