Revision: 18692
at October 6, 2009 10:22 by adamcoulombe


Initial Code
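// Backslash-escapes \, " and ' in $string and optionally enforces a length
// range. Returns FALSE when strlen($string) is outside [$min, $max].
// Only these three characters are handled; the function knows nothing about
// the database connection or its character set.
function sanitize_sql_string($string, $min='', $max='')
{
  // Order matters: backslashes are doubled first so that the backslashes
  // added in front of quotes below are not escaped a second time.
  $pattern[0] = '/(\\\\)/';
  $pattern[1] = "/\"/";
  $pattern[2] = "/'/";
  $replacement[0] = '\\\\\\\\'; // yields two literal backslashes
  $replacement[1] = '\"';
  $replacement[2] = "\\'";
  $len = strlen($string);
  // An empty $min or $max disables that bound.
  if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
    return FALSE;
  return preg_replace($pattern, $replacement, $string);
}
//usage
//sanitize_sql_string($an_unsafe_string);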
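
For values headed into a SQL statement, bound parameters remove the need for an escaping function like the one above, which covers only `\`, `"` and `'` inside a quoted literal. The following is an added example, not part of the original snippet; it assumes PDO with the SQLite driver, and `length_ok()`, `find_users()` and the `users` table are hypothetical names constructed for the demo.

```php
<?php
// Added example: bound parameters instead of hand-written escaping.
// length_ok(), find_users() and the users table are constructed for this demo.

// Length validation, kept separate from SQL handling.
function length_ok(string $s, int $min, int $max): bool
{
    $len = strlen($s);
    return $len >= $min && $len <= $max;
}

function find_users(PDO $db, string $name, int $limit): array
{
    // The SQL text is constant; values are sent separately and never parsed
    // as SQL, so quotes and backslashes need no escaping.
    $stmt = $db->prepare(
        'SELECT id, name FROM users WHERE name = :name ORDER BY id LIMIT :lim'
    );
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT); // numeric slot, no quoting involved
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample input containing each character the snippet escapes.
$samples = ["O'Brien", 'say "hi"', 'C:\\temp\\', str_repeat('x', 200)];
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($samples as $name) {
    if (!length_ok($name, 1, 64)) {
        printf("rejected: %d-byte value\n", strlen($name));
        continue; // reject out-of-range input instead of truncating it
    }
    $insert->execute([':name' => $name]);
    $rows = find_users($db, $name, 10);
    // One row comes back and its name is byte-for-byte what was submitted.
    printf("%-10s rows=%d verbatim=%s\n", $name, count($rows),
        var_export($rows[0]['name'] === $name, true));
}
```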

Initial URL


Initial Description


Initial Title
Sanitize a PHP string for input into a Database

Initial Tags
database, sql, php, security

Initial Language
PHP