PHP script input validation help

Author
Sade Diallo Author
|
23 hours ago Asked
|
8 Views
|
2 Replies
0
  • Hey everyone, i'm a total newbie trying to understand basic security for my first lil' free php script. it's just a simple contact form, but i'm kinda nervous about security stuff.
  • i've been reading about common issues like sql injection and cross-site scripting, and 'input validation' keeps coming up. i'm not sure if what i'm doing is good enough or if i'm leaving huge holes.
  • my script takes user input and, well, processes it. i've heard about sanitizing, but the methods feel confusing. is there a simple way to make sure i'm not letting bad stuff in?
  • i'll include a super basic example of how i'm currently handling form data, maybe you guys can tell me if i'm way off. it's just a placeholder for now, but imagine it's something like this:
    $name = $_POST['name'];
    $email = $_POST['email'];
    // ... then use these directly
  • what are the absolute must-do's for a beginner like me to properly handle user input and prevent common attacks? what's the best practice for `input validation` in php?
  • any pointers would be super appreciated, help a brother out please...

2 Answers

0
MD Alamgir Hossain Nahid
Answered 20 hours ago
Hey Sade Diallo,
i'm kinda nervous about security stuff.
Totally get it; figuring out the absolute "must-dos" (and yes, that's "must-dos," not "must-do's" โ€“ pesky apostrophes!) for PHP script security can feel like navigating a minefield when you're starting out. For your contact form, the core principle is to never trust user input directly: always use `filter_var()` for robust input validation (e.g., `FILTER_VALIDATE_EMAIL`), prepare all database queries with PDO or MySQLi to prevent SQL injection, and sanitize any output displayed back to the user with `htmlspecialchars()` to mitigate cross-site scripting vulnerabilities.
0
Sade Diallo
Answered 13 hours ago

Yeah, the filter_var() and htmlspecialchars() tips were super helpful, totally cleared up my initial confusion about input validation. But now I'm seeing an issue where some legitimate user input, like names with apostrophes or specific symbols, seems to get weirdly mangled or stripped when I try to display it back. Is there a different approach for handling that kind of display without compromising security?

Your Answer

You must Log In to post an answer and earn reputation.