Posted by adamcoulombe on 10/06/09

Tagged: database sql php String security sanitize



Sanitize a PHP string for input into a Database


Published in: PHP
 

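    // Returns FALSE if strlen($string) is below $min or above $max (when given);
    // otherwise returns $string with \, " and ' each prefixed by a backslash.
    // The escaping ignores the connection character set and only helps for
    // values placed inside a quoted SQL string literal.
    function sanitize_sql_string($string, $min='', $max='')
    {
        // Backslashes are handled first, so the ones added for quotes are not doubled again.
        $pattern[0] = '/(\\\\)/';       // a literal backslash
        $pattern[1] = "/\"/";           // a double quote
        $pattern[2] = "/'/";            // a single quote
        $replacement[0] = '\\\\\\';     // \ becomes \\
        $replacement[1] = '\"';         // " becomes \"
        $replacement[2] = "\\'";        // ' becomes \'
        $len = strlen($string);         // length in bytes
        if ((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) {
            return FALSE;
        }
        return preg_replace($pattern, $replacement, $string);
    }

    // usage
    // sanitize_sql_string($an_unsafe_string);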
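
The same task done with bound parameters, as an added example that is not part of the original snippet. It assumes PHP 7.1+ with the pdo_sqlite extension; the `users` table and all function names are made up for the demo. The length check stays in PHP, while the value is passed to the driver separately from the SQL text, so no quote or backslash rewriting is applied.

```php
<?php
// Added example: assumes pdo_sqlite; table, column and function names are hypothetical.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    return $db;
}

// Length validation kept apart from SQL concerns; strlen() counts bytes,
// as in the snippet above.
function length_ok(string $s, ?int $min = null, ?int $max = null): bool
{
    $len = strlen($s);
    return ($min === null || $len >= $min) && ($max === null || $len <= $max);
}

function insert_user(PDO $db, string $name): int
{
    if (!length_ok($name, 1, 64)) {
        throw new InvalidArgumentException('name length out of range');
    }
    // The value is bound as data and never concatenated into the statement.
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $db->lastInsertId();
}

function fetch_name(PDO $db, int $id): ?string
{
    // Integer parameters are bound with an explicit type instead of being quoted.
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed sample input containing every character the snippet rewrites.
$input = "O'Brien \"Bob\" C:\\temp";
$db = open_demo_db();
$id = insert_user($db, $input);
// Compares what the database returns with the original, unescaped input.
var_dump(fetch_name($db, $id) === $input);
```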
