I am trying to make a PHP form where the user inputs a text string, and then it is stored in a MySQL db.
1.php
Code:
<form action="2.php" method="post">
Your name: <input type="text" name="txt_name" />
<input type="submit" />
</form>
2.php
Code:
<?php echo filter_var($_POST["txt_name"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); ?>
In 2.php, instead of the echo, I want to send it to the db.
Both web pages are UTF-8. I want the db to accept any foreign language characters too, as long as they are database-safe.
With FILTER_FLAG_STRIP_HIGH, foreign language characters are removed but injection attempts are not:
input
output
With FILTER_FLAG_STRIP_LOW, no filtering happens at all:
output
How do I do it right?
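
Added example, not part of the original post: one way to write 2.php so that the name is stored unchanged in any language, with a prepared statement keeping the input out of the SQL text and HTML escaping applied only on output. The table `people`, its column `name`, the database name and the credentials are assumptions made for illustration.

```php
<?php
// 2.php (added example). Assumed schema, not from the original post:
//   CREATE TABLE people (
//       id   INT AUTO_INCREMENT PRIMARY KEY,
//       name VARCHAR(100) NOT NULL
//   ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
declare(strict_types=1);

// Placeholder connection settings (assumptions); replace with your own.
const DB_DSN  = 'mysql:host=localhost;dbname=example_db;charset=utf8mb4';
const DB_USER = 'example_user';
const DB_PASS = 'example_password';

/** Returns the cleaned name, or null if the input is not acceptable. */
function validate_name($raw): ?string
{
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
        return null;                       // arrays or broken byte sequences
    }
    // Drop ASCII control characters, keep every printable/foreign character.
    $name = trim(preg_replace('/[\x00-\x1F\x7F]/u', '', $raw));
    $len  = mb_strlen($name, 'UTF-8');
    return ($len >= 1 && $len <= 100) ? $name : null;
}

$name = validate_name($_POST['txt_name'] ?? null);
if ($name === null) {
    http_response_code(400);
    exit('Please enter a name of 1 to 100 characters.');
}

$pdo = new PDO(DB_DSN, DB_USER, DB_PASS, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

// The value travels separately from the SQL text, so quotes or SQL
// keywords in $name are stored as plain data and never parsed as SQL.
$stmt = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// Escape only when writing into HTML, not before storing.
echo 'Saved: ' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
```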