What is a proper way to filter parameters passed in functions? The goal is

Question

0

Asked: May 23, 20262026-05-23T23:02:42+00:00 2026-05-23T23:02:42+00:00

What is a proper way to filter parameters passed in functions? The goal is

0

What is a proper way to filter parameters passed in functions? The goal is to make the function secure, especially when working with a database.

Example:

function user_profile($user_id)
{
   //get user's profile data
   $query = "SELECT * FROM `users` WHERE `user_id` = $user_id";
}

$user_id is a URI segment.

Other general examples are welcomed.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T23:02:42+00:00

To escape strings, use the same method you’d use outside the function:

$user_id= mysql_real_escape_string($user_id);

If you’re expecting the value to be, for example, an integer and would like to return error from the function if it isn’t, you can do something like:

if (!is_int($user_id)) {
  return FALSE;
}
else // do you query

Or if you expect it to match some specific pattern, do so with preg_match():

// For example, $user_id should be 4 letters and 4 numbers
if (!preg_match("/^[A-Z]{4}[0-9]{4}$/", $user_id)) {
   return FALSE;
}
else // do you query

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

What is a proper way to filter parameters passed in functions? The goal is

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply