PHP Forms

Security

  • htmlspecialchars() — prevent XSS
  • filter_var() — validate & sanitize
  • filter_input() — filter input from superglobals

Filter Constants

  • FILTER_VALIDATE_EMAIL
  • FILTER_VALIDATE_URL
  • FILTER_VALIDATE_INT
  • FILTER_SANITIZE_STRING (deprecated as of PHP 8.1)
  • FILTER_SANITIZE_EMAIL

index.php

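<?php
// Simulating form input (a real handler reads these from the request, e.g. via filter_input())
$name = "John";
$email = "john@example.com";
$message = "<script>alert('xss')</script>Hello!";

// Sanitize!
// htmlspecialchars() escapes for HTML output; ENT_QUOTES also escapes single quotes.
$safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
// FILTER_SANITIZE_EMAIL strips characters not allowed in an address; it is not HTML escaping.
$safeEmail = filter_var($email, FILTER_SANITIZE_EMAIL);
$safeMsg = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');

echo "Name: $safeName\n";
echo "Email: $safeEmail\n";
echo "Message: $safeMsg\n\n";

// Validate (filter_var() returns the value on success, false on failure)
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    echo "✅ Email valid\n";
} else {
    echo "❌ Email invalid\n";
}

// Validate integer
$age = "25";
$validAge = filter_var($age, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 150]]);
if ($validAge !== false) {
    echo "✅ Age valid: $validAge";
}
?>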
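
An added example, not from the original page: validating a whole form against one filter specification, telling missing fields from invalid ones, and escaping free text only at output. Assumptions: $post is constructed sample data standing in for $_POST, e() is a hypothetical helper, and filter_var_array() is used so the script runs from the command line; in a request handler, filter_input_array(INPUT_POST, $spec) accepts the same specification.

```php
<?php
// Added example. $post is constructed sample data standing in for $_POST.
$post = [
    'name'    => "O'Brien <b>",
    'email'   => "john@example.com",
    'age'     => "25abc",                 // not an integer
    'message' => "<script>alert('xss')</script>Hello!",
];

// One entry per expected field; fields not listed here are ignored.
$spec = [
    'name'    => FILTER_UNSAFE_RAW,       // free text: keep as typed, escape at output
    'email'   => FILTER_VALIDATE_EMAIL,
    'age'     => ['filter'  => FILTER_VALIDATE_INT,
                  'options' => ['min_range' => 1, 'max_range' => 150]],
    'message' => FILTER_UNSAFE_RAW,
    'website' => FILTER_VALIDATE_URL,     // absent from $post on purpose
];

// Hypothetical helper: escape for an HTML body or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Per field: the filtered value, false if validation failed, null if missing.
$clean  = filter_var_array($post, $spec);
$errors = [];
foreach ($clean as $field => $value) {
    if ($value === null) {
        $errors[$field] = 'missing';
    } elseif ($value === false) {
        $errors[$field] = 'invalid';
    }
}

foreach ($errors as $field => $reason) {
    echo "❌ $field: $reason\n";
}

// Values that passed are still untrusted text: escape them when writing HTML.
foreach (['name', 'email', 'message'] as $field) {
    if (!isset($errors[$field])) {
        echo ucfirst($field) . ": " . e($clean[$field]) . "\n";
    }
}
```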