Tell me what screening to do for the fields "FULL NAME", "telephone" and "Description". At the moment I have the following

$name = $row['name']; $name = strip_tags($name); $name = htmlspecialchars($name); $name = mysqli_escape_string ($connection, $name); $name = addslashes($name);

but it looks too crooked.

Moreover, the format should be the following - phi- "'", phone- "+0", description- "' /"! @ # $% ^ & * () _ `".

And where to display the check in the body of the code or when checking $ _POST (at the beginning of the page)?

Thank you in advance.

  • 2
    None do not insert variables directly into the request, put ? and use the binding of variables to the query php.net/manual/ru/mysqli-stmt.bind-param.php - Mike
  • one
    And on the validity in each specific field of specific characters, you can use regular expressions. And if the subsequent output is expected back to the HTML text, then perhaps strip_tags or htmlspecialchars to exclude XSS - Mike

0