What is the best practice for handling form data validation and insertion into MySQL using PHP?

When handling form data validation and insertion into MySQL using PHP, it is best practice to sanitize user input to prevent SQL injection attacks and validate the data to ensure it meets the required criteria before inserting it into the database. This can be achieved by using PHP functions like mysqli_real_escape_string() for sanitizing input and validating functions like filter_var() or regular expressions for data validation. 

// Connect to MySQL database
$mysqli = new mysqli("localhost", "username", "password", "database");

// Sanitize user input
$name = $mysqli->real_escape_string($_POST['name']);
$email = $mysqli->real_escape_string($_POST['email']);

// Validate user input
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Invalid email format";
} else {
    // Insert data into MySQL
    $query = "INSERT INTO users (name, email) VALUES ('$name', '$email')";
    $result = $mysqli->query($query);

    if ($result) {
        echo "Data inserted successfully";
    } else {
        echo "Error inserting data: " . $mysqli->error;
    }
}

// Close database connection
$mysqli->close();

Keywords

form data validation MySQL insertion PHP data sanitization error handling

Related Questions