What's Here?
- Members: 308,847
- Replies: 846,038
- Topics: 141,527
- Snippets: 4,498
- Tutorials: 1,165
- Total Online: 3,120
- Members: 153
- Guests: 2,967
|
"Sanitize" a string of SQL code to prevent SQL injection.
|
Submitted By: sandman85048
|
|
Rating:
  
|
|
Views: 8,835 |
Language: PHP
|
|
Last Modified: December 31, 1969 |
Snippet
/*
Function: sql_sanitize( $sCode )
Description: "Sanitize" a string of SQL code to prevent SQL injection.
Parameters: $sCode: The SQL code which you wish to sanitize.
Example: mysql_query('UPDATE table SET value="' . sql_sanitize("' SET id='4'") . '" WHERE id="1"');
Requirements: PHP version 4 or greater
*/
function sql_sanitize( $sCode ) {
if ( function_exists( "mysql_real_escape_string" ) ) { // If PHP version > 4.3.0
} else { // If PHP version < 4.3.0
$sCode = addslashes( $sCode ); // Precede sensitive characters with a slash \
}
return $sCode; // Return the sanitized code
}
Copy & Paste
|
|
|
|