What are best practices for handling form data using $_POST in PHP?
When handling form data using $_POST in PHP, it is important to sanitize and validate the input to prevent security vulnerabilities such as SQL injection or cross-site scripting attacks. One common best practice is to use functions like htmlspecialchars() and mysqli_real_escape_string() to sanitize user input before storing or displaying it. Additionally, always validate the input against expected data types and formats to ensure data integrity.
// Sanitize and validate form data using $_POST in PHP
$name = isset($_POST['name']) ? htmlspecialchars($_POST['name']) : '';
$email = isset($_POST['email']) ? filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) : '';
$age = isset($_POST['age']) ? filter_var($_POST['age'], FILTER_VALIDATE_INT) : 0;
// Connect to database and sanitize input
$conn = new mysqli($servername, $username, $password, $dbname);
$name = $conn->real_escape_string($name);
$email = $conn->real_escape_string($email);
// Perform SQL query with sanitized data
$sql = "INSERT INTO users (name, email, age) VALUES ('$name', '$email', $age)";
$conn->query($sql);
// Close database connection
$conn->close();