Sanitize Form Input in PHP to Prevent SQL Injection and Spam
I had to create a custom form recently for my website in WordPress and had to ensure I cleaned up the input to prevent SQL injection and spam. I could have used the Contact Form 7 plugin, but I had to format the input before sending it via email. I used the strip_tags() and trim() PHP functions to sanitize the input:

$name = trim(strip_tags($name));

So if the input in the form field for name was:

<a href="www.scam.com" target="_blank"> WIN</a>

the output after using these two functions would just be:

WIN

The trim() function cleared the whitespace before the word "WIN" and the HTML or PHP tags were removed completely.
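As an added example that is not the post's own code: the two-call sanitizer in the order that yields "WIN" for the post's input, followed by the database write through a bound parameter, which is the part that keeps any quotes or other SQL metacharacters left behind by strip_tags() from reaching the query. PDO with an in-memory SQLite database is assumed so the snippet runs stand-alone; in WordPress the equivalent is $wpdb->prepare() or $wpdb->insert().

```php
<?php
// Added example, not the post's code. Sanitize the name field as the post
// describes, then store it with a bound parameter instead of concatenation.

/**
 * Strip HTML/PHP tags first, then trim, so whitespace that sat inside a
 * removed tag (" WIN" in the post's example) is cleared as well.
 */
function sanitize_name(string $raw): string
{
    return trim(strip_tags($raw));
}

/**
 * Insert the sanitized name via a prepared statement. PDO + SQLite in memory
 * is used here only so the example runs offline; the pattern is the same with
 * $wpdb->prepare() in WordPress.
 */
function store_name(PDO $db, string $name): int
{
    $stmt = $db->prepare('INSERT INTO contacts (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed inputs: the post's spam link, a legitimate name containing a
// quote (strip_tags() leaves it as-is; the bound parameter stores it literally),
// and a value padded with whitespace.
$inputs = [
    '<a href="www.scam.com" target="_blank"> WIN</a>',
    "O'Brien",
    "  Jane Doe \n",
];

foreach ($inputs as $raw) {
    $clean = sanitize_name($raw);
    $id = store_name($db, $clean);
    printf("%-52s => %s (row %d)\n", json_encode($raw), json_encode($clean), $id);
}

// Read back to confirm the stored values are exactly the sanitized strings.
foreach ($db->query('SELECT id, name FROM contacts ORDER BY id') as $row) {
    printf("row %d: %s\n", $row['id'], $row['name']);
}
```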