SQL Sanitize

"Sanitize" a string of SQL code to prevent SQL injection.

Submitted By: sandman85048

Language: PHP

Last Modified: December 31, 1969

Snippet


/*
Function: sql_sanitize( $sCode )
Description: "Sanitize" a string to prevent SQL injection when it is placed inside a quoted SQL string literal.
Parameters: $sCode: The string value which you wish to sanitize.
Example: mysql_query('UPDATE table SET value="' . sql_sanitize("' SET id='4'") . '" WHERE id="1"');
Requirements: PHP version 4 or greater (the mysql_* functions were removed in PHP 7.0)
*/
function sql_sanitize( $sCode ) {
        if ( function_exists( "mysql_real_escape_string" ) ) { // PHP >= 4.3.0 with the mysql extension loaded
                // Escape the string for MySQL; this call needs an open MySQL connection.
                $sCode = mysql_real_escape_string( $sCode );
        } else { // PHP < 4.3.0
                // Precede quotes, backslashes and NUL bytes with a backslash (not character-set aware).
                $sCode = addslashes( $sCode );
        }
        return $sCode; // Return the escaped value; it is only safe between quotes in the query.
}
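
The example below is added here and is not part of the submitted snippet. It shows the limit of escaping: a value spliced into an unquoted numeric position still rewrites the WHERE clause, while a prepared statement treats the same input as data. It assumes the pdo_sqlite extension; the table `items` and the function names are hypothetical, and `addslashes()` stands in for the snippet's fallback branch because `mysql_real_escape_string()` needs a live MySQL connection.

```php
<?php
// Added example; the table `items` and all function names are hypothetical.
// Assumes the pdo_sqlite extension; uses an in-memory database so it runs offline.

function fresh_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, value TEXT)');
    $db->exec("INSERT INTO items (id, value) VALUES (1, 'a'), (2, 'b'), (3, 'c')");
    return $db;
}

// Weak: the escaped input is spliced into an unquoted numeric position.
// The input holds no quote characters, so escaping returns it unchanged.
function update_escaped(PDO $db, string $id, string $value): int {
    $sql = "UPDATE items SET value = '" . addslashes($value) . "'"
         . " WHERE id = " . addslashes($id);
    return $db->exec($sql); // number of rows changed
}

// Corrected: placeholders keep the data out of the SQL text entirely.
function update_prepared(PDO $db, string $id, string $value): int {
    $stmt = $db->prepare('UPDATE items SET value = ? WHERE id = ?');
    $stmt->execute([$value, $id]);
    return $stmt->rowCount(); // number of rows changed
}

$input = '1 OR 1=1'; // constructed sample input

printf("escaped:        %d row(s) changed\n", update_escaped(fresh_db(), $input, 'x'));
printf("prepared:       %d row(s) changed\n", update_prepared(fresh_db(), $input, 'x'));
printf("prepared, id=1: %d row(s) changed\n", update_prepared(fresh_db(), '1', 'x'));
```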
