Is using preg_replace safe enough for validating user input for php and mysql?

brooke

New member
Is this safe enough to use?



$safe_user_input = preg_replace("/[^a-zA-Z0-9\-\/]/", "", $_GET['user_input']);

$sql = "update my_table set user_input = '" . $safe_user_input . "' ";

Assuming I allow slashes, dashes, letters, and numbers only.
I use different methods if I need to include quotes.
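An added example, not part of the post above: the same allowlist applied as a reject-on-mismatch check with `preg_match`, with the value then passed as a bound parameter instead of being concatenated into the SQL string. The helper names, the `id` column, the 64-character limit and the in-memory SQLite database (standing in for MySQL so the script runs offline, and requiring the pdo_sqlite extension) are assumptions.

```php
<?php
// Added example. Helper names, the id column and the length limit are
// hypothetical; in-memory SQLite stands in for MySQL so this runs offline.
declare(strict_types=1);

/** Return the value unchanged if it matches the allowlist, else null. */
function validate_user_input(string $raw): ?string
{
    // Same character set as the post. \A...\z anchors the whole string
    // (unlike $, \z does not tolerate a trailing newline), and the input is
    // rejected rather than silently rewritten by stripping characters.
    return preg_match('/\A[a-zA-Z0-9\-\/]{1,64}\z/', $raw) === 1 ? $raw : null;
}

/** Update one row; returns the number of rows changed. */
function update_user_input(PDO $db, int $id, string $value): int
{
    // The value travels as a bound parameter, never as part of the SQL text,
    // so the query stays safe even if the allowlist is later widened.
    $stmt = $db->prepare('UPDATE my_table SET user_input = :v WHERE id = :id');
    $stmt->execute([':v' => $value, ':id' => $id]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_table (id INTEGER PRIMARY KEY, user_input TEXT)');
$db->exec("INSERT INTO my_table (id, user_input) VALUES (1, 'old'), (2, 'other')");

// Constructed sample inputs: one valid value, one containing a quote,
// one with a trailing newline, and an empty string.
$samples = ['2024/01-report', "O'Brien", "abc\n", ''];
foreach ($samples as $raw) {
    $value = validate_user_input($raw);
    if ($value === null) {
        printf("rejected: %s\n", json_encode($raw));
        continue;
    }
    $rows = update_user_input($db, 1, $value);
    printf("accepted: %s, rows updated: %d\n", json_encode($value), $rows);
}
```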
 