I'm using php and I want to just ask if the function I'm using to sanitize my inputs is good enough from sql injections and other malicious stuff that can happen through an input.
public function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
Is it the most efficient way to sanitize a user's input?
Does it sanitize the input good enough from stopping malicious code going into my database?
Also this is just a bonus but if I sanitize a user's input will I need to be sanitizing anything else? I'm already binding the user's parameters before I enter them into the database.
The validation depending mainly on the context of your website, what's should be confirmed to keep database consistent as possible. Also there are some validations which are like a global or public, such as trim() and stripslashes()
The main function of validation is to check user inputs that will stored in database and used in future, such as email or phone number and password of user when login or sign-up. You should validate that phone number is numeric and only 12 length. Or validate that email is in correct format.
About what to use for validation, you can search about: FILTERs here https://www.w3schools.com/php/php_filter.asp ,
REGULAR EXPERSSIONS here https://www.w3schools.com/php/php_regex.asp
Other way is by using string functions: here https://www.w3schools.com/php/php_ref_string.asp