
I have the below function to validate the user input. Can you suggest whether it is OK or not? I just need a simple way of validating user input; no need for a complex way.

function cleanData($data) {
    $data = trim($data);                     // strip leading/trailing whitespace
    $data = htmlentities($data);             // HTML-escape (an output-context step)
    $data = mysql_real_escape_string($data); // SQL-escape; needs an open mysql connection, returns false otherwise
    return $data;
}
  • I use a PHP library validation class, do you consider that too complex? Really you'd need a bootstrap file to run each time, but apart from that, usage of the validation class, including to do custom validation, cleaning inputs etc., becomes trivial. Commented May 7, 2011 at 5:32
  • What are you expecting the data to be? i.e. integer, floating point etc. Only accept data according to your expectation and reject the rest. That's it, simply. Commented May 7, 2011 at 5:32
  • To VALIDATE means to do certain checks. For example, you could see if $data is within a certain number range or length. But what you're doing is more like 'cleaning up' the variable. Do you want to make it more specific? Commented May 7, 2011 at 5:33

1 Answer

That's not a validation function. Your cleanData() function just escapes content. And it mixes HTML escaping with SQL escaping, where you should be applying each individually on a per use basis.

That approach is unprofessional, but in fact functional. (We've seen worse here.) You do cover the common issues by using it, if you do in fact apply it to every incoming variable.
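To show the distinction the answer draws, here is an added example (not the asker's or the answerer's code): validation checks each field against what is expected and rejects anything else, and escaping happens later, separately for the SQL context (a prepared statement) and the HTML context (htmlspecialchars at output time). It assumes the pdo_sqlite extension is available; the input array is constructed to stand in for $_POST.

```php
<?php
// Added example, not the asker's or answerer's code. Validation checks the
// value against what you expect; escaping is applied later, per output context.

// Validate an integer field: digits only and within [$min, $max].
// Returns the int on success, or null if the input is rejected.
function validateInt(string $raw, int $min, int $max): ?int {
    $raw = trim($raw);
    if (!preg_match('/^-?\d{1,10}$/', $raw)) {
        return null;                 // not an integer at all
    }
    $value = (int) $raw;
    return ($value >= $min && $value <= $max) ? $value : null;
}

// Validate a free-text field: non-empty after trimming and at most $maxLen
// characters. Nothing is escaped here; the raw string is kept as-is.
function validateName(string $raw, int $maxLen = 50): ?string {
    $raw = trim($raw);
    if ($raw === '' || mb_strlen($raw) > $maxLen) {
        return null;
    }
    return $raw;
}

// Constructed input, standing in for $_POST.
$input = ['age' => ' 42 ', 'name' => "O'Brien <b>"];

$age  = validateInt($input['age'], 1, 120);
$name = validateName($input['name']);
if ($age === null || $name === null) {
    exit("Rejected: input did not match what was expected\n");
}

// SQL context: a prepared statement binds $name as data, so no SQL escaping
// of the value is needed. Assumes pdo_sqlite; an in-memory DB keeps this offline.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (name TEXT, age INTEGER)');
$stmt = $db->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
$stmt->execute([':name' => $name, ':age' => $age]);

// HTML context: escape only when the value is written into HTML, and only
// for HTML. The stored value in the database stays unescaped.
echo 'Hello, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "\n";
```

The same validated $name is stored once and escaped differently for each sink, which is the per-use separation the answer recommends instead of a single cleanData() pass.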


1 Comment

Yep, well said. It in fact cleans the data, and this is helpful to some extent in preventing code/SQL injection, depending, of course, on how it's going to be used.
