iCode101

Reputation: 414

User input validation before sanitizing?

If I want to validate user input, is it necessary to sanitize it beforehand?

$age = $_POST['age'];
if ($age == 18) {
    echo 'is 18';
}
else
{
    echo 'Is not 18';
}

Does this example leave me vulnerable to attack? Should I have sanitised age before the if/else block?

$age = htmlentities($_POST['age']);

or

$age = stripslashes($_POST['age']);

Upvotes: 2

Views: 293

Answers (1)

deceze

Reputation: 522530

There is no possibility of any attack here. The input string is not evaluated as code or otherwise attempted to be executed in any way. You're just comparing a string to another string/number, which is a safe operation.

Upvotes: 4
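
An added example, not part of the question or the answer above: it separates the two jobs the question mixes together, validating the value where it comes in and escaping it only where it is written into HTML. PHP's loose `==` treats numeric strings such as `'18.0'` as equal to 18, so the sketch parses to an integer and compares with `===`. The helper names `parse_age` and `h`, the 0 to 150 range and the sample inputs are assumptions made for illustration; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post): validate the raw value
// as an integer in an assumed plausible range. Returns int or null.
function parse_age(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // a field sent as age[]=18 arrives as an array
    }
    $age = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 150],
    ]);
    return $age === false ? null : $age;
}

// Hypothetical helper: escape only at the point where a value enters HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for $_POST['age'].
$samples = ['18', '18.0', '1.8e1', '18abc', '<script>', ['18']];

foreach ($samples as $raw) {
    $age = parse_age($raw);
    $shown = is_string($raw) ? $raw : gettype($raw);

    if ($age === null) {
        // Echoing the raw input back is where escaping matters,
        // not the comparison itself.
        echo 'Invalid age: ', h($shown), PHP_EOL;
    } elseif ($age === 18) {
        echo 'is 18', PHP_EOL;
    } else {
        echo 'Is not 18', PHP_EOL;
    }
}
```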
