19.04.2017, 15:43
You only have to sanitize user input, i.e. stuff that is passed through $_GET, $_POST or $_REQUEST. Whatever is already stored in the database ought to be already clean and doesn't have to be cleaned again.
So instead of
PHP code:
$user = $_POST['user'];
you do
PHP code:
$user = filter_input(INPUT_POST, 'user', FILTER_SANITIZE_STRING);
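
An added example, not part of the original post: the same `user` field validated against an allow-list and escaped at output, which matters on current PHP because `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1. The `$post` array, the username pattern, the `age` field and both helper functions are assumptions made for illustration; `filter_var()` stands in for `filter_input()` so the script runs from the command line.

```php
<?php
// Constructed sample of what $_POST might hold (not from the original post).
$post = [
    'user' => "alice<script>alert(1)</script>",
    'age'  => "42abc",
];

// Hypothetical policy: 3-32 characters of letters, digits or underscore.
// Returns the validated string, or null when the value must be rejected.
function validate_username($raw): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. user[]=x arrives as an array
    }
    $ok = filter_var($raw, FILTER_VALIDATE_REGEXP, [
        'options' => ['regexp' => '/\A[A-Za-z0-9_]{3,32}\z/'],
    ]);
    return $ok === false ? null : $ok;
}

// Hypothetical second field: an integer in a plausible range, or null.
function validate_age($raw): ?int
{
    $ok = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 150],
    ]);
    return $ok === false ? null : $ok;
}

// First input is the hostile sample above, second is a constructed clean one.
foreach ([$post, ['user' => 'alice_01', 'age' => '42']] as $input) {
    $user = validate_username($input['user'] ?? null);
    $age  = validate_age($input['age'] ?? null);

    if ($user === null || $age === null) {
        // Reject instead of silently rewriting the value.
        echo "rejected\n";
        continue;
    }

    // Escape for the HTML context at the point of output.
    printf(
        "<p>%s (%d)</p>\n",
        htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        $age
    );
}
```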