Published in: PHP
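function cleanuserinput($dirty){
    // magic_quotes_gpc has already added slashes to GPC input: strip them before escaping
    if (get_magic_quotes_gpc()) {
        $clean = mysql_real_escape_string(stripslashes($dirty));
    }else{
        $clean = mysql_real_escape_string($dirty);
    }
    return $clean;
}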
llbbl on 05/27/07
mysql php textmate security sql-injection

Comments
Please note almost any string values used in mysql queries should be escaped, and not all of these values are user input which has escaped characters from magic quotes GPC (e.g. regular vars from the script).
I'd add an additional optional parameter (bool) which defines whether the parameter $dirty is coming from a GPC variable or not. :)
Note: mysql_real_escape_string() requires that a valid mysql connection (mysql_connect()) exists to work... see the PHP manual for details.
"mysql_real_escape_string() requires that a valid mysql connection"
The "mysql_" appended to the function might have been a clue. :)
*append = prefix
With mysql_real_escape_string alone, you are not 100% secure, consider going for the function titled "Prevent SQL Injection".
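Added example, not part of the original snippet or its comments: the same goal reached with bound parameters instead of manual escaping, plus an allowlist for the one place a value cannot be bound (a column name). It assumes PHP 7+ with the pdo_sqlite extension; the table, the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: parameterized queries in place of escape-then-concatenate.
// Assumptions: PHP 7+ with pdo_sqlite; schema and sample rows are constructed.

function openDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    $db->exec("INSERT INTO users (name, email) VALUES
               ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");
    return $db;
}

// The SQL text is fixed. The value is sent separately as a bound parameter,
// so quote characters in $name are compared literally and never parsed as SQL.
// No magic-quotes check or stripslashes() step is involved.
function findUsersByName(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Identifiers such as column names cannot be bound, and string escaping does
// not make them safe either: accept only values from a fixed allowlist.
function listUsersSorted(PDO $db, string $column): array {
    $allowed = ['id', 'name', 'email'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException('Unsupported sort column');
    }
    $sql = "SELECT id, name, email FROM users ORDER BY $column";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

$db = openDemoDb();

// Ordinary lookup.
var_dump(findUsersByName($db, 'alice'));

// Constructed input containing quotes: handled as a literal name to match.
var_dump(findUsersByName($db, "alice' OR '1'='1"));

// Constructed input that is not an allowed column name: rejected before any SQL runs.
try {
    listUsersSorted($db, 'name; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```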