Never trust your users. Validate and sanitize everything that comes in from them before you store it, and escape everything you read back out before you display it.
So what exactly are validation, sanitization and escaping? Do we really need them?
- Validation is the set of rules that checks whether data received from the end user is in the format you expect (type, length, allowed characters, range). Data that fails validation is rejected, not repaired.
- Sanitization is the process of removing or normalizing unwanted characters or content in user input before saving it to the database (stripping control characters, trimming whitespace, truncating to a sensible length).
- Escaping is the process of encoding data for the context it is about to be output into (HTML body, HTML attribute, JavaScript, URL) right before it is displayed to the end user. It does not "clean" what is in the database: the stored value stays raw, and the same value may need different escaping in different output contexts. Getting data into the database safely is a separate concern; use parameterized queries rather than hand-escaping SQL.
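The three steps side by side, as an added example that is not part of the original post. It assumes a small user-registration flow with a username and a free-text display name; the table layout, the username rule and the helper names are illustrative choices, not a prescription.

```python
import html
import re
import sqlite3
import unicodedata

# Validation: an explicit allow-list for the username. Anything that does not
# match is rejected outright (assumed rule: 3-20 word characters).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")


def validate_username(value: str) -> bool:
    return bool(USERNAME_RE.fullmatch(value))


def sanitize_display_name(value: str) -> str:
    """Normalize and strip unwanted characters from free text before storage.

    Removes Unicode control/format/unassigned code points (general category C*),
    collapses whitespace and caps the length. Note that '<', '>' and quotes are
    deliberately kept: they are legitimate in a name and are handled by escaping
    at output time, not here.
    """
    value = unicodedata.normalize("NFC", value)
    value = "".join(ch for ch in value if unicodedata.category(ch)[0] != "C")
    value = " ".join(value.split())
    return value[:60]


def escape_html(value: str) -> str:
    """Escape for the HTML body/attribute context only (&, <, >, ", ')."""
    return html.escape(value, quote=True)


def setup_db() -> sqlite3.Connection:
    # Constructed in-memory database so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, display_name TEXT)")
    return conn


def register_user(conn: sqlite3.Connection, username: str, display_name: str) -> str:
    """Validate, sanitize, then store. Returns the value actually stored."""
    if not validate_username(username):
        raise ValueError("invalid username")
    clean = sanitize_display_name(display_name)
    # Parameterized query: the driver keeps data separate from the SQL text,
    # so the raw (unescaped) value is stored and no SQL escaping is done by hand.
    conn.execute(
        "INSERT INTO users (username, display_name) VALUES (?, ?)", (username, clean)
    )
    conn.commit()
    return clean


def stored_display_name(conn: sqlite3.Connection, username: str):
    """Read the raw stored value back; it is NOT HTML-escaped in the database."""
    row = conn.execute(
        "SELECT display_name FROM users WHERE username = ?", (username,)
    ).fetchone()
    return None if row is None else row[0]


def render_profile(conn: sqlite3.Connection, username: str):
    """Escape at the point of output, for the HTML context it lands in."""
    raw = stored_display_name(conn, username)
    if raw is None:
        return None
    return f"<h1>{escape_html(raw)}</h1>"


if __name__ == "__main__":
    db = setup_db()
    register_user(db, "mallory", "<script>alert(1)</script> O'Brien")
    print(stored_display_name(db, "mallory"))  # raw value, as stored
    print(render_profile(db, "mallory"))       # escaped for HTML output
```

The same stored value would need a different encoder if it were emitted into a JavaScript string or a URL parameter; pick the escaping routine by destination context, not by where the data came from.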