Revision: 12225
at March 6, 2009 17:12 by naz


Initial Code
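// Recursively HTML-encodes a string (or every element of an array) and doubles backslashes.
function _clean($str){
    if (is_array($str)) return array_map('_clean', $str);
    // get_magic_quotes_gpc() was removed in PHP 8, so call it only where it still exists.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) $str = stripslashes($str);
    return str_replace("\\", "\\\\", htmlspecialchars($str, ENT_QUOTES));
}

// Usage: call it near the beginning of your script and assign the result back,
// because _clean() returns a cleaned copy and does not modify its argument.
$_POST = _clean($_POST);
$_GET = _clean($_GET);
$_REQUEST = _clean($_REQUEST); // and so on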

Initial URL


Initial Description
This little function helps fight the common security issue of SQL injection. It can sanitize any global variable such as $_POST, $_GET, $_SERVER, etc. and escape unsafe characters.

Initial Title
Clean variables from SQL injections

Initial Tags
sql, post, array, security

Initial Language
PHP
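
Added example (not part of the original snippet or its author's code): `_clean()` applies HTML entity encoding, so the code below sets it beside the standard SQL-side control, bound parameters through PDO, with HTML encoding applied only at output. It assumes the pdo_sqlite extension; the `users` table and the sample input are constructed for illustration.

```php
<?php
// Added example, not the snippet author's code. Assumes PHP with pdo_sqlite.
// _clean() is the page's function minus the magic-quotes branch.
function _clean($str) {
    return is_array($str)
        ? array_map('_clean', $str)
        : str_replace("\\", "\\\\", htmlspecialchars($str, ENT_QUOTES));
}

// Constructed sample input standing in for $_POST.
$input = ['id' => '3 OR 1=1', 'name' => "O'Reilly <b>"];

// _clean() rewrites quotes, angle brackets, ampersands and backslashes only,
// so 'name' comes back as HTML entities and 'id' comes back untouched.
var_dump(_clean($input));

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)'); // hypothetical table

// Validate the type the column expects; anything that is not an integer is rejected.
$id = filter_var($input['id'], FILTER_VALIDATE_INT);
if ($id === false) {
    echo "id rejected: not an integer\n";
    $id = 3; // constructed fallback so the rest of the example can run
}

// Bound parameters: the SQL text is fixed and the values travel separately,
// so the raw name is stored byte for byte without any pre-escaping.
$insert = $pdo->prepare('INSERT INTO users (id, name) VALUES (:id, :name)');
$insert->bindValue(':id', $id, PDO::PARAM_INT);
$insert->bindValue(':name', $input['name'], PDO::PARAM_STR);
$insert->execute();

$select = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$select->bindValue(':id', $id, PDO::PARAM_INT);
$select->execute();
$stored = $select->fetchColumn();

var_dump($stored === $input['name']); // compares stored value with the raw input

// HTML-encode at output time, where the context is known to be HTML.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```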