How-to articles, tricks, and solutions about SANITIZATION
How to escape strings in SQL Server using PHP?
In PHP, you can use the sqlsrv_real_escape_string() function to escape strings in SQL Server.
Remove all non-numeric characters from a string; [^0-9] doesn't match as expected
You can use the preg_replace function in PHP to remove all non-numeric characters from a string.