If you want to apply mysqli_real_escape_string() to an entire $_POST array here is how you can do it assuming $conn is your mysqli connection Also good to note that you should always use prepared statements and do not rely on this function alone for security. I personally use this function not as a security measure… Continue reading Escape $_POST with mysqli_real_escape_string
How to Check If a String Contains a Specific Word in PHP
If you want to search for a “word” (string) within text (string) you have ready built-in functions in PHP. But with my function you will make them a little easier to use. So the built-in function for PHP 8+ is str_contains and for PHP before version 8 – strpos, with strpos a lot more difficult… Continue reading How to Check If a String Contains a Specific Word in PHP
Sanitize GET request in PHP
Here is how you can sanitize the entire GET array in PHP using filter_input_array with FILTER_SANITIZE_ENCODED. In this example if someome was to pass a malicious +OR+1=1– as a query string https://example.com/sale?category=Gifts%27+OR+1=1– Now, let’s try sanitizing The effect is the same as putting htmlspecialchars() but in this method is useful if you have a large… Continue reading Sanitize GET request in PHP