how to remove hazardous character in php

I have to remove hazardous chracter from my query post string. Is there any function define in开发者_运维知识库 php to remove directly or another way ?

First thing first what do you use these strings for ?

• If you store them in a database : use parameterized queries (use mysqli or PDO instead of mysql).
• If you display them in a webpage : use htmlspecialchar to filter HTML code
• If you use it to redirect the user to some page : filter \n and \r character
• If you use it to send emails : filter \n and \r characters too
• If you want to avoid CSRF : don't forget to check the random token you'll have put in your form
• If you use it to get the path to a file on your system : don't
• Whatever you do, don't forget to use the filter_input function to get your data as it handle the magic_quotes

Don't forget to check the OSWAP top 5

I hope you aren't putting sql queries into a GET string... but whatever.

If this is for a query, use mysql_real_escape_string.

In normally for this, we can use addslashes and stripslashes in php.

But better method is to use mysql_real_escape_string for query to avoid this type of sql injection.

Filter the input?

Use strip_tags(), htmlspecialchars() and htmlentities().