Sanitize data means "Remove any illegal character from the data".

Best methods for sanitizing in php are given below.

Method 1 - Sanitize user-input when we are using Mysql Query.

For this case you have to use real_escape_string of mysqli.

For Example:

$mysqliObj = new mysqli("localhost", "root", "", "mydb");
$city = $mysqliObj->real_escape_string($_POST['city']);
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", $mysqli->affected_rows);
}

Method 2 -Sanitize user-input when insert in to a database and displaying in to Browser.

For this case you have to use htmlentities and html_entity_decode.

For Example:

echo htmlentities($data['description']);//at the time of insert in database 
echo html_entity_decode($data['description']); //at the time of display in browser from database

Method 3 -Sanitize user-input when you are using Command Prompt.

For this case you have to use escapeshellarg.

For Example:

system('ls '.escapeshellarg($data['dir']));