Posted by lajevardi on 02/28/09

Tagged: database sql oop injection security




Method to prevent SQL Injection attacks.


Published in: PHP
 

This is a method of my database class which lets me sift the unsafe data inputs down.

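  // Strips a fixed set of characters from the input, then escapes it for use
  // inside a quoted SQL string literal. Accepts a string or an array of strings.
  // ereg_replace() and mysql_real_escape_string() were removed in PHP 7.0, so
  // preg_replace() and mysqli_real_escape_string() are used instead;
  // $this->connection is assumed to be a mysqli link.
  public function siftDown($dataStack){
      $sift = function($data){
          // Same character set as the original POSIX class, where the
          // backslash is a literal member: \ ' " ) ( ; | ` , < >
          $data = preg_replace('/[\\\\\'")(;|`,<>]/', '', $data);
          // Escaping is the last step. The original called stripslashes()
          // afterwards, which removed the escaping again.
          return mysqli_real_escape_string($this->connection, trim($data));
      };
      if(!is_array($dataStack)){
          return $sift($dataStack);
      }
      $safeData = array();
      foreach($dataStack as $p=>$data){
          $safeData[$p] = $sift($data);
      }
      return $safeData;
  }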
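
The character filter above alters legitimate values and only helps inside a quoted string literal. This added example (not the snippet author's code) compares it with bound parameters. It assumes the pdo_sqlite extension, with an in-memory SQLite database standing in for MySQL; the table, the `blacklist()` helper name and the sample values are constructed.

```php
<?php
// Added example, not the snippet author's code. Table, helper name and sample
// values are constructed; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// The character filter used by siftDown(), as a standalone function.
function blacklist(string $s): string {
    return preg_replace('/[\\\\\'")(;|`,<>]/', '', trim($s));
}

// Insert with bound parameters: the value travels separately from the SQL
// text, so quotes need neither stripping nor escaping.
$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
foreach (["O'Brien", 'Smith'] as $name) {
    $insert->execute([':name' => $name]);
}

// 1) The filter changes legitimate data; binding stores it unchanged.
$stored = $pdo->query('SELECT name FROM users WHERE id = 1')->fetchColumn();
printf("filtered: %s | bound: %s\n", blacklist("O'Brien"), $stored);

// 2) Unquoted (numeric) context: this constructed input contains none of the
// filtered characters, so concatenating it changes the WHERE clause.
$input = '1 OR 1=1';
$concat = $pdo->query('SELECT name FROM users WHERE id = ' . blacklist($input))
              ->fetchAll(PDO::FETCH_COLUMN);
printf("concatenated query returned %d row(s)\n", count($concat));

// Validate the type first and reject anything that is not an integer.
$id = filter_var($input, FILTER_VALIDATE_INT);
printf("integer validation: %s\n", $id === false ? 'rejected' : 'accepted');

// Even without validation, a bound value is only ever compared as data;
// it cannot add conditions to the statement.
$select = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$select->execute([':id' => $input]);
printf("bound query returned %d row(s)\n", count($select->fetchAll(PDO::FETCH_COLUMN)));
```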
