Advanced Search

Sanitize data to prevent SQL Injection Attacks

/ Published in: PHP
Save to your folder(s)
This is a simple function that sanitizes the data before sending it to MySQL. First it removes whitespaces from the beginning and ending of the string. If magic_quotes_gpc is enabled and the data has been already escaped we will apply stripslashes() to the data. This way the data won’t be escaped twice when mysql_real_escape_string() is called.

Example:
$username = sanitize($_POST['username']);
$password = sanitize($_POST['password']);

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. 1. function sanitize($data)  
  2.    2. {  
  3.    3. // remove whitespaces (not a must though)  
  4.    4. $data = trim($data);   
  5.    5.   
  6.    6. // apply stripslashes if magic_quotes_gpc is enabled  
  7.    7. if(get_magic_quotes_gpc())  
  8.    8. {  
  9.    9. $data = stripslashes($data);  
  10.   10. }  
  11.   11.   
  12.   12. // a mySQL connection is required before using this function  
  13.   13. $data = mysql_real_escape_string($data);  
  14.   14.   
  15.   15. return $data;  
  16.   16. }

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.