To ensure security, what filtering does PHP need to perform on submitted data? What should I do?

To ensure security, what filtering does PHP need to perform on submitted data? Take the simplest user logon as an example. for example, $ _ POST ['username'], $ _ POST ['password'], which of the following authentication are required for SQL query ?, At least escape single quotes to prevent SQL injection and filter submitted data to ensure security?
Take the simplest user logon as an example. for example, $ _ POST ['username'], $ _ POST ['password'], which of the following authentication are required for SQL query?

------ Solution --------------------
At least escape single quotes are required to prevent SQL injection and escape <> to prevent XSS attacks.
There are some ready-made functions htmlspecialchars ($ _ POST ['username'], ENT_QUOTES)
------ Solution --------------------
This is mysql Injection. for details, refer:

Http://php.net/manual/en/security.database.sql-injection.php

Solution

Http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php

The main anti-quotation mark escape mysql_real_escape_string

If conditions exist, filter out words such as drop. delete, insert, and update.

------ Solution --------------------
For SQL queries, you only need mysql_real_escape_string. this is to ensure that the SQL statements can be correctly executed, but it can also prevent some security issues.

If you have other requirements for data, you can perform other verification and filtering, such as the length of the user name/password and allowed characters, but these depend on your business needs.

Conversion or filtering of html entity is required for possible output content, which must be determined based on the actual business.

All in all, no requirements, no solutions