How can I sanitize user input with PHP?
It’s a common misconception that user input can be filtered. PHP even has a (now deprecated) “feature”, called magic-quotes, that builds on this idea. It’s nonsense. Forget about filtering (or cleaning, or whatever people call it). What you should do, to avoid problems, is quite simple: whenever you embed a a piece of data within … Read more