SECURING FORM INPUTS WITH PHP
Securing inputs in PHP forms is important. Anyone can type their own script into an input, so the form has to guard against this.
Prepared statements are used specifically for SQL queries. I've written out an example of what prepared statements look like in PHP, along with notes on what each part means. Of course you make the connection to the database first, then the prepared statement is as follows:
This technique ensures that the database understands the query structure first, before the values are filled in, so a submitted value is treated as data and cannot change the query.
EXAMPLE 2: Another technique uses two functions, htmlspecialchars and stripslashes, which are great for preventing scripts being entered into form inputs. A script put into a form input can cause pop-ups like this:
In order to avoid an unwanted script passing through a form input (like above), the following code utilising htmlspecialchars and stripslashes can be used:
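Both techniques from this post together, as an added example that is not the original post's code: values are stored and looked up with prepared statements, then passed through stripslashes and htmlspecialchars before being displayed. It assumes PDO with the SQLite driver (an in-memory database, so it runs without a server), a hypothetical `comments` table, and constructed inputs standing in for `$_POST`.

```php
<?php
// Added example, not the original post's code. Assumptions: PDO with the
// SQLite driver, a hypothetical `comments` table, constructed sample inputs.

// Clean a form value for display, using the two functions the post names.
function clean_for_output(string $value): string
{
    $value = trim($value);
    $value = stripslashes($value);   // removes backslashes, e.g. \' becomes '
    // htmlspecialchars does the escaping: < > & " ' become HTML entities,
    // so the browser shows the text instead of running it.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Store a comment with a prepared statement: the query structure is fixed
// first, the values are bound afterwards and are never parsed as SQL.
function save_comment(PDO $db, string $name, string $comment): void
{
    $stmt = $db->prepare('INSERT INTO comments (name, comment) VALUES (:name, :comment)');
    $stmt->execute([':name' => $name, ':comment' => $comment]);
}

// Look up comments by name, again with a bound value.
function find_comments(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, comment FROM comments WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, comment TEXT)');

// Constructed stand-ins for $_POST values.
$post = [
    'name'    => "alice' OR '1'='1",
    'comment' => '<script>alert("hi")</script>',
];
save_comment($db, $post['name'], $post['comment']);
save_comment($db, 'bob', 'Nice post');

// The quote-laden name is compared as plain text, so it matches only its own row.
$rows = find_comments($db, $post['name']);
echo count($rows), " row(s) matched\n";
foreach ($rows as $row) {
    echo clean_for_output($row['name']), ': ', clean_for_output($row['comment']), "\n";
}
```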