Your Ad Here

advanced code snippet search

Posted By

naz on 03/06/09


Tagged

get sql post array String request security injections


Versions (?)

Who likes this?

6 people have marked this snippet as a favorite

naz
jamesming
vali29
aleksanderek
tolka
chris5marsh


Clean variables from SQL injections

 / Published in: PHP
 

This little function helps to fight common security issue with SQL injections, it can sanitize any global variable like $POST, $GET, $_SERVER etc and escape unsafe characters.

Expand | Embed | Plain Text 
  1. function _clean($str){ 
  2. return is_array($str) ? array_map('_clean', $str) : str_replace("\\", "\\\\", htmlspecialchars((get_magic_quotes_gpc() ? stripslashes($str) : $str), ENT_QUOTES)); 
  3. }
  4.  
  5. //usage call it somewhere in beginning of your script
  6. _clean($_POST);
  7. _clean($_GET);
  8. _clean($_REQUEST);// and so on..

Report this snippet  

You need to login to post a comment.