Increase Server-Side Security in PHP

By Admin - June 13, 2017 1:19 pm

Nowadays, hacking is very popular. Everyone knows how to hack and find the vulnerabilities in someone's website, so we have to secure our code...

This code replaces single quotes with a space and converts all HTML tags to HTML special characters. Most importantly, it allows only letters and numbers, so no one can insert a tag into the database to hack your website.

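If you are using mysql, then your code is:

  1. With POST method:

// ext/mysql (the mysql_* functions) was removed in PHP 7.0; this form runs only on PHP 5.x
$variable_name = strip_tags(htmlspecialchars(mysql_real_escape_string($_POST['variable_name'])));
// Allow only letters and digits; any other character clears the value
if (!preg_match('/\A[A-Za-z0-9]+\z/', $variable_name)) { $variable_name = ""; }
$variable_name = str_replace("'", " ", $variable_name);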


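  2. With GET method:

// ext/mysql (the mysql_* functions) was removed in PHP 7.0; this form runs only on PHP 5.x
$variable_name = strip_tags(htmlspecialchars(mysql_real_escape_string($_GET['variable_name'])));
// Allow only letters and digits; any other character clears the value
if (!preg_match('/\A[A-Za-z0-9]+\z/', $variable_name)) { $variable_name = ""; }
$variable_name = str_replace("'", " ", $variable_name);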


If you are using mysqli, then your code is:

  1. With POST method:

// $your_connection_variable_name is the handle returned by mysqli_connect()
$variable_name = strip_tags(htmlspecialchars(mysqli_real_escape_string($your_connection_variable_name, $_POST['variable_name'])));
// Allow only letters and digits; any other character clears the value
if (!preg_match('/\A[A-Za-z0-9]+\z/', $variable_name)) { $variable_name = ""; }
$variable_name = str_replace("'", " ", $variable_name);


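  2. With GET method:

// $your_connection_variable_name is the handle returned by mysqli_connect()
$variable_name = strip_tags(htmlspecialchars(mysqli_real_escape_string($your_connection_variable_name, $_GET['variable_name'])));
// Allow only letters and digits; any other character clears the value
if (!preg_match('/\A[A-Za-z0-9]+\z/', $variable_name)) { $variable_name = ""; }
$variable_name = str_replace("'", " ", $variable_name);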
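
The letters-and-numbers rule as a runnable script (an added example, not the original post's code): it compares an unanchored pattern with one that requires every character to be a letter or digit, and uses a mysqli prepared statement in place of escaping. The function names, the `users` table and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example; function names, table name and sample inputs are constructed.

// Unanchored: passes as soon as ONE letter or digit appears anywhere.
function loose_check(string $v): bool {
    return preg_match('/[A-Za-z0-9]/', $v) === 1;
}

// Anchored allowlist: EVERY character must be a letter or digit.
// \A and \z replace ^ and $ because $ also matches before a trailing newline.
function strict_check(string $v): bool {
    return preg_match('/\A[A-Za-z0-9]+\z/', $v) === 1;
}

// Read one request parameter; null means missing, non-string
// (e.g. name[]=x) or rejected by the allowlist.
function clean_param(array $source, string $key): ?string {
    $v = $source[$key] ?? null;
    return (is_string($v) && strict_check($v)) ? $v : null;
}

// SQL side: a prepared statement sends the value separately from the SQL
// text, so no quote replacement or escaping is needed.
// `users`/`name` are hypothetical. Needs a live mysqli connection,
// so the demo below does not call it.
function find_user(mysqli $db, string $name): ?array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// HTML side: encode when printing, not before storing.
function h(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs standing in for $_POST.
$post = ['ok' => 'alice42', 'tag' => 'a<b>', 'quote' => "x' OR '1'='1", 'nl' => "bob\n"];
foreach ($post as $key => $raw) {
    printf("%-6s loose=%-4s strict=%-4s accepted=%-10s html=%s\n",
        $key,
        loose_check($raw) ? 'pass' : 'fail',
        strict_check($raw) ? 'pass' : 'fail',
        var_export(clean_param($post, $key), true),
        json_encode(h($raw)));
}
```

Run it with `php` on the command line: only the `ok` input passes the anchored check, while all four pass the unanchored one.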



Comment


Sam Thakur samthakur0326@gmail.com
June 13, 2017 2:10 pm

Nice. Keep Sharing