Bummer! This is just a preview. You need to be signed in with an account to view the entire instruction.


Always Filter Inputs

The filter_input() function filters and validates external variables coming from insecure sources, such as input forms. This function is commonly used to prevent some security threats like SQL Injection(SQLi) attacks.

To illustrate this behavior, let’s take a simple query string like this:

http://yourdomain.com/index.php?name=<a href="https://google.com">Click Me</a>