Code Snippets

PHP Source Code

Welcome to Dream.In.Code
	Become a PHP Expert! Join 308,847 PHP Programmers for FREE! Get instant access to thousands of PHP experts, tutorials, code snippets, and more! There are 3,120 people online right now. Registration is fast and FREE... Join Now! Chat LIVE With a PHP Expert

Submitted By: sandman85048

Actions:

Rating:

Views: 8,835

Last Modified: December 31, 1969

/*
Function: sql_sanitize( $sCode )
Description: "Sanitize" a string of SQL code to prevent SQL injection.
Parameters: $sCode: The SQL code which you wish to sanitize.
Example: mysql_query('UPDATE table SET value="' . sql_sanitize("' SET id='4'") . '" WHERE id="1"');
Requirements: PHP version 4 or greater
*/
function sql_sanitize( $sCode ) {
if ( function_exists( "mysql_real_escape_string" ) ) { // If PHP version > 4.3.0
$sCode = mysql_real_escape_string( $sCode ); // Escape the MySQL string.
} else { // If PHP version < 4.3.0
$sCode = addslashes( $sCode ); // Precede sensitive characters with a slash \
}
return $sCode; // Return the sanitized code
}

Comments
capoenkz 2009-01-30 08:26:52
how to use it??? i'm new here.... thx
huzi8t9 2009-04-07 20:30:23
CODE $code = '<script language="javascript"> body.onload = top.location = "http://www.google.co.uk" </script>'; //^^Code submitted by a bad user $new_code = sql_sanitize($code); //insert your code to the database. mysql_query("INSERT INTO table (comment) VALUES('$new_code');"); Hope this helps. Also, I hope it's right :)