Hack The Tech - Latest News related to Computer and Technology

Sunday, December 3, 2023

PHP user input workflow (sanitization/validation, injection prevention, html escaping) [duplicate]

I am sending text data from an HTML text box to my MySQL db and then pulling the data back to the site. I am confused on the necessary steps, as my reading has given mixed opinions.

I am currently using prepared statements to prevent SQL injection, and using htmlspecialchars (or similar) to escape dangerous inputs before displaying on my site. Some sources also mention the need for input sanitation/validation while others say it is not necessary. In my case, I don't believe validation is necessary as I am submitting only text (and therefore am not checking the validity of email addresses etc.). I also don't see the need for sanitation. Is this logical? Is raw user input in my db an issue if I have used prepared statements and html escape functions?

Seems like a topic with no clear answer that depends on the situation, so I am hoping for some clarification. Thanks!

I have tried the workflow with and without input sanitation!

source https://stackoverflow.com/questions/77591637/php-user-input-workflow-sanitization-validation-injection-prevention-html-esc
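The workflow the question describes (store raw text via a prepared statement, escape only when rendering), as an added example that is not part of the original post. It runs against an in-memory SQLite database so it works offline; the table name `notes`, the column `body`, the length limit and the sample input are assumptions.

```php
<?php
// Added example, not the poster's code: free-text input stored with a prepared
// statement and escaped at output time. SQLite in memory stands in for MySQL.
declare(strict_types=1);

function connect(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the server
    // itself keeps query structure and bound data apart.
    $pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

// Validation for a free-text field: it must be a string, valid UTF-8, and fit
// the column. Input that fails is rejected, never "cleaned up".
function validateNote(mixed $raw): string {
    if (!is_string($raw)) { throw new InvalidArgumentException('expected a string'); }
    if (!mb_check_encoding($raw, 'UTF-8')) { throw new InvalidArgumentException('invalid UTF-8'); }
    if (mb_strlen($raw, 'UTF-8') > 1000) { throw new InvalidArgumentException('too long'); }
    return $raw;
}

// Storage: the text is bound as a parameter, so it is never part of the SQL text.
function storeNote(PDO $pdo, string $body): int {
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Output: escape for the HTML context at the point of rendering, with the
// charset stated explicitly and quotes included.
function renderNote(PDO $pdo, int $id): string {
    $stmt = $pdo->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = (string) $stmt->fetchColumn();
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

$pdo = connect();
// Constructed sample input with characters that matter in both SQL and HTML.
$input = "Bob's <b>note</b> & \"quotes\"";
$id = storeNote($pdo, validateNote($input));
echo renderNote($pdo, $id), PHP_EOL;
// Stored verbatim in the table; rendered as:
// <p>Bob&#039;s &lt;b&gt;note&lt;/b&gt; &amp; &quot;quotes&quot;</p>
```

The stored row keeps the original text unchanged, so it can later be rendered safely into a different context (JSON, a mail body) with that context's own escaping instead of HTML entities baked into the database.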
