What are some common techniques for validating and sanitizing user input in PHP forms?
Validating and sanitizing user input in PHP forms is crucial to prevent security vulnerabilities such as SQL injection and cross-site scripting attacks. Common techniques include using built-in PHP functions like filter_var() for validation and htmlentities() for sanitization.
// Validate and sanitize user input
$name = isset($_POST['name']) ? $_POST['name'] : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';
// Validate email format
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "Invalid email format";
}
// Sanitize input to prevent XSS attacks
$name = htmlentities($name);
$email = htmlentities($email);