User inputs, clean and sanitize before sending to db

Backend · Unresolved · 5 · 1524
爱一瞬间的悲伤 2020-12-13 11:23

I've searched a lot of the questions here and I found that they are either very old or suggest using PDO prepared statements, which I am not

5 answers
  •  星月不相逢
    2020-12-13 11:52

    filter_input could be another one you are looking for. It can save you hours of writing sanitizing and validation code. Of course, it does not cover every single case, but there is enough so that you can focus more on specific filtering/validating code.

    Though it is strongly recommended to use prepared statements with PDO/mysqli, sometimes it is not so easy to convert the whole project at the tail end of it. You should learn PDO/mysqli for your next project.

    // Read the POSTed 'comment' field through the sanitize filter.
    // Returns null if the variable is not set, false if the filter fails.
    // Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    $comment = filter_input(INPUT_POST, 'comment', FILTER_SANITIZE_STRING);


    There are different types of filters for you. You can select depending on your needs. You can also use filter_has_var to check whether a variable is set.
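An added example, not part of the answer above, showing the two steps the answer describes together: validating fields with the filter extension and then persisting them with a PDO prepared statement so the database never interprets the input as SQL. The DSN, credentials, table and column names are assumptions, and the request data is a constructed sample.

```php
<?php
// Constructed sample of what $_POST might contain. In a real request call
// filter_input(INPUT_POST, ...) instead of filter_var() on this array.
$post = [
    'email'   => 'alice@example.com',
    'age'     => '42',
    'comment' => "O'Brien said <b>hi</b>",
];

// Validation: reject input that is not the expected shape rather than
// trying to "clean" it. Validate filters return false on failure.
$email = filter_var($post['email'] ?? null, FILTER_VALIDATE_EMAIL);
$age   = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 0, 'max_range' => 150]]);

// Free text: enforce a length limit instead of stripping characters,
// so the stored value stays exactly what the user wrote.
$comment = trim((string)($post['comment'] ?? ''));
if ($email === false || $age === false || $comment === '' || strlen($comment) > 1000) {
    http_response_code(422);
    exit('invalid input');
}

// Persistence: placeholders keep SQL structure and data separate, so the
// apostrophe in $comment is stored as plain text, not parsed as SQL.
// DSN, credentials, table and columns are assumptions for this example.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepares
]);
$stmt = $pdo->prepare(
    'INSERT INTO comments (email, age, body) VALUES (:email, :age, :body)'
);
$stmt->execute([':email' => $email, ':age' => $age, ':body' => $comment]);

// Output encoding belongs at render time, not before storage: the <b> tag
// is escaped here for HTML, while the database keeps the original text.
echo htmlspecialchars($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8');
```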
