I am a beginner PHP developer who was working on an issue regarding PHP script injection. Fortunately PHP has functions like filter_var and strip_tags which did the job perfectly for me.

But I don't understand the difference between the terms Sanitize and Validate. Please explain the difference to me, thanks.
To validate is to make sure that the input matches your business rules. If it doesn't, you reject the input. You could be expecting the user to provide you a number, but if you receive something that's not a number, then that's a validation error.

Whereas sanitizing means to ensure that the format of the input doesn't break its container. This could be a semicolon (;) mistakenly added to the input by the user, so you remove/escape it for them when it gets sent to you. Sanitization is also used to escape any attempt to cause data corruption when dealing with a database based on user input.
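The distinction in the answer above, shown as an added example rather than code from the question or the answer: validation functions return the value or null and the caller rejects null, while sanitization functions reshape the value for one specific container (storage, an HTML page, a SQL statement). The script assumes PHP 7.1 or later for nullable return types and the pdo_sqlite extension for the in-memory database; the function names and sample inputs are constructed for this illustration.

```php
<?php
declare(strict_types=1);

// Validation: check the input against a rule and reject it on failure.
// Sanitization: reshape the input so it cannot break the container it goes into.

/** Validate: return the age as an int if it is a whole number in 1..120, else null. */
function validateAge(string $raw): ?int
{
    $age = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 120],
    ]);
    // filter_var() returns false on failure; compare strictly so a legitimate 0
    // (which is also falsy) would never be mistaken for a failure.
    return $age === false ? null : $age;
}

/** Validate: return the address if it is syntactically valid, else null. */
function validateEmail(string $raw): ?string
{
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/**
 * Sanitize for storage: remove HTML tags and surrounding whitespace.
 * Note that strip_tags() removes the tags only; the text between them stays.
 */
function sanitizeComment(string $raw): string
{
    return trim(strip_tags($raw));
}

/** Sanitize for the HTML container at output time: escape, do not strip. */
function forHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * For the SQL container, do not escape quotes or semicolons by hand:
 * bind the value so the driver keeps data separate from the query text.
 */
function storeComment(PDO $db, string $comment): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $comment]);
    return (int) $db->lastInsertId();
}

function loadComment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed sample inputs: the rule decides, the value is never "repaired".
foreach (['42', '42abc', '0', '150'] as $raw) {
    $age = validateAge($raw);
    echo "age '$raw' => ", $age === null ? 'REJECTED' : "accepted ($age)", PHP_EOL;
}
foreach (['bob@example.com', 'bob@'] as $raw) {
    echo "email '$raw' => ", validateEmail($raw) === null ? 'REJECTED' : 'accepted', PHP_EOL;
}

// Constructed comment containing a quote, a semicolon and tags.
$comment = "  <b>O'Brien</b> says: fine; <script>alert(1)</script>  ";
$clean = sanitizeComment($comment);
echo 'stored text: ', $clean, PHP_EOL;
echo 'html output: ', forHtml($clean), PHP_EOL;

// In-memory SQLite (assumes pdo_sqlite) so the SQL container can be shown offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
$id = storeComment($db, $clean);
echo 'round trip: ', loadComment($db, $id) === $clean ? 'identical' : 'changed', PHP_EOL;
```

The split matters in practice: validation is a yes/no decision that happens once at the boundary, whereas sanitization is tied to a container and has to be applied again for each new one (strip_tags for storage is not a substitute for htmlspecialchars at output, and neither replaces parameter binding for SQL).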