Published in: PHP
function cleanuserinput($dirty){ }else{ } return $clean; }
llbbl on 05/27/07
mysql php textmate security sql-injection
*append = prefix
"mysql_real_escape_string() requires that a valid mysql connection"
The "mysql_" appended to the function might have been a clue. :)
Note: mysql_real_escape_string() requires that a valid mysql connection (mysql_connect()) exists to work... see the PHP manual for details.
Please note almost any string values used in mysql queries should be escaped, and not all of these values are user input which has escaped characters from magic quotes GPC. (e.g. regular vars from the script)
I'd add an additional optional parameter (bool) which defines whether the parameter $dirty is coming from a GPC variable or not. :)
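
The optional flag proposed in the last comment, as an added example (not the snippet author's code): `clean_user_input()`, its parameters and the demo values are assumptions. `addslashes()` stands in for the connection-bound escaper so the example runs without a MySQL server, and magic quotes are simulated the same way.

```php
<?php
// Added example; clean_user_input() and its parameters are hypothetical names.

/**
 * Escape $dirty for use inside a quoted MySQL string literal.
 *
 * $escape      connection-bound escaper, e.g. a closure around
 *              mysqli_real_escape_string($link, $s)
 * $fromGpc     true only for values read from $_GET, $_POST or $_COOKIE
 * $magicQuotes override for testing; null asks the running PHP
 */
function clean_user_input(string $dirty, callable $escape,
                          bool $fromGpc = false, ?bool $magicQuotes = null): string
{
    if ($magicQuotes === null) {
        // get_magic_quotes_gpc() is gone in PHP 8; a missing function means "off".
        $magicQuotes = function_exists('get_magic_quotes_gpc')
            && @get_magic_quotes_gpc();
    }
    // Undo magic quotes only where PHP applied them: on GPC values.
    if ($fromGpc && $magicQuotes) {
        $dirty = stripslashes($dirty);
    }
    return $escape($dirty);
}

// ---- constructed demo data, magic quotes simulated with addslashes() ----
// Assumption: addslashes() stands in for the real escaper so this runs
// without a database server.
$escape      = 'addslashes';
$original    = "O'Reilly C:\\temp";       // the text the user or script means
$gpcValue    = addslashes($original);     // as delivered with magic_quotes_gpc on
$scriptValue = $original;                 // a regular variable, never magic-quoted
$expected    = $escape($original);        // escaped exactly once

$cases = [
    'GPC value, flag set'       => clean_user_input($gpcValue, $escape, true, true),
    'GPC value, flag forgotten' => clean_user_input($gpcValue, $escape, false, true),
    'script value, flag unset'  => clean_user_input($scriptValue, $escape, false, true),
    'script value, flag set'    => clean_user_input($scriptValue, $escape, true, true),
];
foreach ($cases as $label => $escaped) {
    // A mismatch means the stored value would differ from $original:
    // doubled backslashes (flag forgotten) or a lost backslash (flag wrongly set).
    printf("%-27s %-26s %s\n", $label, $escaped,
           $escaped === $expected ? 'escaped once' : 'MISMATCH');
}
```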