You need to do VALIDATION for the following things (and you need a corresponding error MSG for each one that fails):
- !empty
- strlen();
- is_numeric();
- filter_var($email, FILTER_VALIDATE_EMAIL)
To make all INPUTS safe to use in SQL queries, you should wrap them in this function:
mysqli_real_escape_string($conn, $email);
And also, to keep your data consistent in the DB, you should add this:
/* just make sure that all data inserted into the DB is consistent, e.g. all LOWERCASE or only the first letter upper case */
$username = ucfirst(strtolower($username));
// no SPACES in the value (replace them with hyphens)
$phone = str_replace(" ", "-", $phone);
Basic syntax:
$email = $_POST['email'];
$email_validate = filter_var($email, FILTER_VALIDATE_EMAIL);
$email_sanitize = filter_var($email_validate, FILTER_SANITIZE_EMAIL);
Sanitization Filters:
- FILTER_SANITIZE_STRING: Remove all HTML tags and encode special characters.
- FILTER_SANITIZE_EMAIL: Remove all characters except letters, digits, and a few special characters.
- FILTER_SANITIZE_URL: Remove all characters except letters, digits, and a few special characters, and replace spaces with hyphens.
Validation Filters:
- FILTER_VALIDATE_EMAIL: Check if the provided value is a valid email address.
- FILTER_VALIDATE_URL: Check if the provided value is a valid URL.
- FILTER_VALIDATE_IP: Check if the provided value is a valid IP address.
Integer Filters:
- FILTER_VALIDATE_INT: Check if the provided value is a valid integer.
Float Filters:
- FILTER_VALIDATE_FLOAT: Check if the provided value is a valid float.
Boolean Filters:
- FILTER_VALIDATE_BOOLEAN: Check if the provided value is a valid boolean.
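Worked example, added here and not part of the original notes: one function applies the checks listed above (empty, strlen, numeric via FILTER_VALIDATE_INT, FILTER_VALIDATE_EMAIL) to a constructed form submission and returns a message per failing field, and the insert uses a prepared statement (assumed table `users`) rather than wrapping each value in mysqli_real_escape_string, because bound values are never parsed as SQL text. FILTER_SANITIZE_STRING is left out since it is deprecated as of PHP 8.1.

```php
<?php
// Added example; constructed sample input stands in for $_POST, no DB is contacted.
function validateSignup(array $in): array {
    $errors = [];
    $clean  = [];

    $username = trim($in['username'] ?? '');
    if ($username === '') {                                    // !empty
        $errors['username'] = 'Username is required.';
    } elseif (strlen($username) < 3 || strlen($username) > 20) { // strlen()
        $errors['username'] = 'Username must be 3 to 20 characters.';
    } else {
        $clean['username'] = ucfirst(strtolower($username));   // consistent casing
    }

    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    } else {
        $clean['email'] = strtolower($email);
    }

    // Numeric check with a range, stricter than a bare is_numeric()
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number between 13 and 120.';
    } else {
        $clean['age'] = $age;
    }

    $phone = str_replace(' ', '-', trim($in['phone'] ?? ''));  // no spaces
    if (!preg_match('/^\+?[0-9-]{7,20}$/', $phone)) {
        $errors['phone'] = 'Phone may contain digits, hyphens and a leading +.';
    } else {
        $clean['phone'] = $phone;
    }
    return ['errors' => $errors, 'clean' => $clean];
}

// Prepared statement: values travel separately from the SQL, so no escaping needed.
function insertUser(mysqli $conn, array $c): bool {
    $stmt = $conn->prepare('INSERT INTO users (username, email, age, phone) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssis', $c['username'], $c['email'], $c['age'], $c['phone']);
    return $stmt->execute();
}

$sample = ['username' => 'aLICE', 'email' => 'alice@example.com',
           'age' => '17', 'phone' => '+44 20 7946 0958'];   // constructed input
print_r(validateSignup($sample));  // no errors; Alice / alice@example.com / 17 / +44-20-7946-0958
```

Only call insertUser() when the returned 'errors' array is empty; otherwise show the messages back on the form.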