When you prompt the user to input text (e.g. a username or last name), you can use regular expressions to sanitize the input, for example:
allow a space and any Unicode letter:
if (preg_match("/[^ \pL]/u", $term) !== 0) {
    // a match means a disallowed character; false means malformed UTF-8, so reject both
    die('invalid characters');
}
allow a space, any Unicode letter or digit, underscore and dash:
if (preg_match("/[^ \pL\pN_-]/u", $term) !== 0) {
    // a match means a disallowed character; false means malformed UTF-8, so reject both
    die('invalid characters');
}
Never trust user input; that is how you avoid SQL injection and other kinds of attacks. Use prepared statements when you insert user data into the database, but the first step is to sanitize the input with a whitelist pattern like the ones above, so that anything outside the expected characters is rejected before it reaches the query.
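The two patterns above wrapped in a validator and combined with a prepared statement, as an added example that is not part of the original post. The constant and function names are hypothetical, the sample inputs are constructed, and the database part assumes the pdo_sqlite extension so it runs against an in-memory table.

```php
<?php
declare(strict_types=1);

// The two character classes from the post: letters only, or letters, digits, underscore, dash.
// Constant and function names here are hypothetical, chosen for this example.
const ALLOW_LETTERS    = '/[^ \pL]/u';
const ALLOW_IDENTIFIER = '/[^ \pL\pN_-]/u';

// True only when nothing in $term falls outside the allowed class.
function validate_input(string $term, string $pattern): bool
{
    $hit = preg_match($pattern, $term);
    // With /u, preg_match() returns false on malformed UTF-8. A plain
    // if (preg_match(...)) would read that false as "clean", so treat
    // an error exactly like a match: reject.
    if ($hit === false) {
        return false;
    }
    return $hit === 0;
}

// Constructed sample inputs (not from the post), with the pattern each is checked against.
$samples = [
    ['Jean Dupont',   ALLOW_LETTERS,    'ASCII letters and a space'],
    ['Søren Åberg',   ALLOW_LETTERS,    'non-ASCII Unicode letters'],
    ["O'Brien",       ALLOW_LETTERS,    'apostrophe is outside the class'],
    ['user_42-dev',   ALLOW_IDENTIFIER, 'letters, digits, underscore, dash'],
    ["bob'; --",      ALLOW_IDENTIFIER, 'quote, semicolon and comment marker'],
    ["\xC3\x28",      ALLOW_LETTERS,    'invalid UTF-8 byte sequence'],
];
foreach ($samples as [$term, $pattern, $note]) {
    printf("%-8s %s\n", validate_input($term, $pattern) ? 'ok' : 'rejected', $note);
}

// Validation narrows what gets in; the prepared statement keeps the value out of the SQL text.
// Assumes the pdo_sqlite extension is available; the table is created in memory.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (username) VALUES (:username)');
foreach (['user_42-dev', "bob'; --"] as $username) {
    if (!validate_input($username, ALLOW_IDENTIFIER)) {
        continue; // rejected before it ever reaches the database
    }
    $insert->execute([':username' => $username]);
}
echo $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), " row(s) inserted\n";
```

The last two samples show the two cases a bare if (preg_match(...)) gets wrong: the quote and semicolon are caught only because the class is a whitelist, and the malformed UTF-8 is caught only because the false return is treated as a rejection.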
References
Regular expressions (regex)
Entrepreneur | Full-stack developer | Founder of MediSign Ltd. I have over 15 years of professional experience designing and developing web applications. I am also very experienced in managing (web) projects.