Input sanitization ni mchakato wa kusafisha data inayopokelewa kutoka kwa users kabla ya kuitumia kwenye database, HTML page, au system nyingine.

Faida:

Kuzuia XSS (Cross-Site Scripting) attacks.

Kuzuia SQL Injection kwenye database queries.

Kuweka data safi na salama kwa processing zaidi.

Goal: Ensure all user input is validated, sanitized, and safe.

βš™οΈ 2. HTML Form Example
<h2>Contact Form</h2>
<form action="process.php" method="POST">
<input type="text" name="name" placeholder="Your Name" required><br><br>
<input type="email" name="email" placeholder="Your Email" required><br><br>
<textarea name="message" placeholder="Your Message" required></textarea><br><br>
<button type="submit" name="submit">Send</button>
</form>


Inputs kutoka user lazima zisafishwe kabla ya kutumika.

🧩 3. PHP Input Sanitization Example (process.php)
<?php
if(isset($_POST['submit'])){
// Sanitize name
$name = htmlspecialchars(strip_tags(trim($_POST['name'])));

// Sanitize email
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);

// Sanitize message
$message = htmlspecialchars(strip_tags(trim($_POST['message'])));

// Validate email
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
die("❌ Invalid email address.");
}

// Safe to use sanitized variables
echo "βœ… Name: $name <br>";
echo "βœ… Email: $email <br>";
echo "βœ… Message: $message <br>";
}
?>


πŸ’‘ Maelezo:

trim() inatoa spaces zisizo na maana mwanzoni/mwisho.

strip_tags() inatoa HTML tags zisizo salama.

htmlspecialchars() inazuia XSS attacks.

filter_var() inasafisha na validate emails.

πŸ”‘ 4. Tips for Security

Always sanitize user input – text, emails, numbers, URLs.

Use prepared statements for database queries – prevent SQL injection.

Escape output before displaying – htmlspecialchars() for HTML output.

Validate inputs – check type, length, format.

Never trust user input – assume everything could be malicious.

βœ… 5. Hitimisho

Input sanitization ni essential kwa security ya PHP web applications.

Combine sanitization, validation, escaping, na prepared statements kwa maximum protection.

Best practices: clean input, validate format, escape output, protect database.

πŸ”— Tembelea:

πŸ‘‰ https://www.faulink.com/

Kwa mafunzo zaidi ya PHP, input handling, na secure web application development.