== How to fix it in Core PHP

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,php,diff-id=1,diff-type=noncompliant]
----
$input = $_GET["input"];

error_log($input); // Noncompliant
----

==== Compliant solution

[source,php,diff-id=1,diff-type=compliant]
----
$input = $_GET["input"];

if(preg_match("/[^A-Za-z0-9-_]/", $input)){
  $safeinput = '[' . base64_encode($input) . ']';
}else{
  $safeinput = $input;
}
error_log($safeinput);
----

include::../../common/fix/how-does-this-work.adoc[]

Here, the example compliant code uses the `preg_match` function to check if the input contains any unsafe character. In which case, the `base64_encode` function is used to prevent any injection while keeping the input original content.