Menu
Here is what I have now.
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['date']))));
I was told that I need to make sure that the $date is safe/legit before passing it to strtotime(). How do I do that? I've looked up https://www.php.net/strtotime but it really doesn't tell me what I'm looking for I think.
Can someone explain to me in a little better detail how to clean submit to strtotime?
253
There's no real reason to sanitize the value beforehand. The worst thing that can happen is that the time isn't valid and strtotime() returns false (which you can also use to check whether the date string was valid).
Also, there's no reason to trim and escape the date( 'Y-m-d' ) function's return value: it will never return values with trailing whitespace or anything that should be escaped.
103
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
