Re: Relatively simple PHP function to block sql injection

Ok, now got this from w3schools.com:

function check_input($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Quote if not a number
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}

Will test it a bit, and see how it goes, but basically makes sense.

Stay well

Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'
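
An added example, not part of the original thread or of the w3schools code: the same kind of insert done with bound parameters through PDO, so no quoting or escaping decision is made in PHP at all. It assumes the pdo_sqlite extension and an in-memory SQLite database so that it runs without a server; the riders table, its columns and the helper function names are made up for illustration, and against MySQL only the DSN passed to new PDO() changes.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension.
// Table, columns and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE riders (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');

// The SQL text is fixed; values are bound separately and never spliced into it.
function add_rider(PDO $pdo, string $name, int $age): int
{
    $stmt = $pdo->prepare('INSERT INTO riders (name, age) VALUES (:name, :age)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

function find_by_name(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, age FROM riders WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input; request data always arrives as strings.
$samples = [
    ['name' => "O'Brien", 'age' => '42'],
    ['name' => 'He said "hi"; -- ok', 'age' => '30'],
    ['name' => 'Jacob', 'age' => '1e3'], // is_numeric() accepts this, but it is not an integer
];

foreach ($samples as $row) {
    // Validate the type the column expects instead of testing is_numeric().
    $age = filter_var($row['age'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        echo "rejected age: {$row['age']}\n";
        continue;
    }
    $id = add_rider($pdo, $row['name'], $age);
    echo "stored #$id: {$row['name']}\n";
}

// Quotes and comment markers come back exactly as they went in.
foreach (find_by_name($pdo, "O'Brien") as $r) {
    echo "{$r['id']} {$r['name']} {$r['age']}\n";
}
```
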

----- Original Message ----- From: "Louis Solomon" <louis@xxxxxxxxxxxxxx>
To: <php-windows@xxxxxxxxxxxxx>
Sent: Wednesday, August 05, 2009 7:40 AM
Subject: RE:  Relatively simple PHP function to block sql injection


mysql_real_escape_string() / mysqli_real_escape_string()

Louis Solomon
www.SteelBytes.com

-----Original Message-----
From: Jacob Kruger [mailto:jacobk@xxxxxxxxxxxxxx]
Sent: Wednesday, 5 August 2009 2:58 PM
To: php-windows@xxxxxxxxxxxxx
Subject:  Relatively simple PHP function to block sql injection

Haven't gotten around to really looking for this too much, and currently
really only replace any single 's with double ones before performing an
insert into MySQL, but was just wondering if there are any 'standard' PHP
functions out there that get used to block any form of attempted sql
injection?

TIA

Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'


__________ Information from ESET NOD32 Antivirus, version of virus signature database 4306 (20090804) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





