This is a continuation of the PHP coding articles I have been writing. This article covers a very important basic of PHP development: escaping data. Wherever heavy PHP development involves inserting information into a database, you will see that correctly written scripts more than likely escape that data. Escaping data is very important to maintaining the integrity of what goes into a database.
Golden Rule: Any data that someone else sends to your website and that has not been filtered or escaped is considered tainted. Let’s take a form submission for example. Jack Johnson fills out a contact form with his name, email, description and subject and presses SEND. All of this text is considered tainted until it is escaped/filtered. Hackers just love to use contact forms for SQL injections, an age-old trick to gain access to areas of your server.
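
The following added example, which is not code from the original article, filters the four contact-form fields and then stores them, showing escaping with PDO::quote() next to bound parameters (a related technique the article itself does not cover). The helper clean_contact_form(), the contact_messages table, the length limits and the sample submission are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: filter the four contact-form fields from the article.
// Returns the filtered values, or null if any field fails validation.
function clean_contact_form(array $post): ?array
{
    $name    = trim((string)($post['name'] ?? ''));
    $subject = trim((string)($post['subject'] ?? ''));
    $body    = trim((string)($post['description'] ?? ''));
    $email   = filter_var(trim((string)($post['email'] ?? '')), FILTER_VALIDATE_EMAIL);

    if ($name === '' || $subject === '' || $body === '' || $email === false) {
        return null;
    }
    // Length limits are assumed values for this example.
    if (strlen($name) > 100 || strlen($subject) > 200 || strlen($body) > 5000) {
        return null;
    }
    return ['name' => $name, 'email' => $email, 'subject' => $subject, 'description' => $body];
}

// In-memory SQLite so the example runs offline; the table name is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact_messages (name TEXT, email TEXT, subject TEXT, description TEXT)');

// Constructed submission standing in for $_POST; the apostrophe is a SQL metacharacter.
$tainted = [
    'name'        => "Jack O'Johnson",
    'email'       => 'jack@example.com',
    'subject'     => 'Hello',
    'description' => 'Please call me back.',
];

$clean = clean_contact_form($tainted);
if ($clean === null) {
    exit("Rejected: invalid form data\n");
}

// Escaping: PDO::quote() escapes the value and wraps it for use inside a SQL string.
echo 'Escaped name: ', $db->quote($clean['name']), "\n";

// Bound parameters keep the data out of the SQL text entirely.
$stmt = $db->prepare('INSERT INTO contact_messages (name, email, subject, description)
                      VALUES (:name, :email, :subject, :description)');
$stmt->execute($clean);

echo 'Rows stored: ', $db->query('SELECT COUNT(*) FROM contact_messages')->fetchColumn(), "\n";
```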