Posted By

jmiller on 11/01/09


Tagged

mysql sql injection query safe



mysql_safe_query to prevent SQL injection


Published in: PHP
 

URL: http://programanddesign.com/php/marks-php-snippets/

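    // Requires the legacy ext/mysql API (removed in PHP 7.0) and an open connection,
    // because mysql_real_escape_string() escapes for that connection's character set.

    // Convert one PHP value into a SQL literal that can be spliced into a query.
    function mysql_safe_string($value) {
        // NULL, false, '' and array() become SQL NULL. empty() is avoided because it
        // also matches 0, 0.0 and '0', which would silently be sent as NULL.
        if ($value === null || $value === false || $value === '' || $value === array()) return 'NULL';
        // Strings (numeric strings included) are trimmed, escaped and single-quoted.
        elseif (is_string($value)) return '\'' . mysql_real_escape_string(trim($value)) . '\'';
        // Only int and float reach this test, so the value goes in unquoted.
        elseif (is_numeric($value)) return $value;
        // Arrays become a comma-separated list of literals, e.g. for IN (%s).
        elseif (is_array($value)) return implode(',', array_map('mysql_safe_string', $value));
        // Unsupported type (true, object, resource).
        else return false;
    }

    // $format is a constant vsprintf() template: use an unquoted %s for each value
    // and write a literal percent sign as %%. Never build $format from user input.
    function mysql_safe_query($format) {
        $args = array_slice(func_get_args(), 1);        // values after the template
        $args = array_map('mysql_safe_string', $args);  // each value -> SQL literal
        $query = vsprintf($format, $args);
        return mysql_query($query);
    }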
