Sanitize Form Input in PHP to Prevent SQL Injection and Spam

I had to create a custom form recently for my website in Wordpress and had to ensure I cleaned up the input to prevent SQL injection and SPAM.  I could use the Contact Form 7 plugin but I had to format the input before sending via email.

 I used the strip_tags() and trim() PHP functions to sanitize the input

 $name = strip_tags(trim($name));

 So if the input in the form field for name was: 

 <a href="www.scam.com" target="_blank">    WIN</a>

 The output after using these two functions would just be WIN

 The trim() function cleared the whitespace before the word "win" and the HTML or PHP tags were removed completely

Comments

Post a Comment

Popular posts from this blog

How to Display Custom Wordpress Header with Google Analytics Site Tage and Adwords Site Tag

This post assumes you know how to create custom page templates in Wordpress using child themes. Locate this line of code in your page template (page.php) get_header(); Download the header.php file from the parent theme folder into your child theme folder Rename the header.php file you downloaded to header-with-analytics.php Change the get_header function in your page template to include the custom header file. In the brackets add the custom header filename like this get_header("with-analytics"); Everything after the header- in the filename is what you place between the brackets. Save and upload the custom header PHP file. Upload your modified page template file (page.php) Now the page template will load your custom header file called header-with-analytics.php Place your Google Analytics Site Tag or Google Adwords Conversion Tracking code in this header-with-analytics.php file as per Googles instructions.
Read more