Sanitize data to prevent SQL Injection Attacks


Published in: PHP

This is a simple function that sanitizes data before sending it to MySQL. First it removes whitespace from the beginning and end of the string. If magic_quotes_gpc is enabled and the data has already been escaped, we apply stripslashes() to it. This way the data won’t be escaped twice when mysql_real_escape_string() is called.

Example:
$username = sanitize($_POST['username']);
$password = sanitize($_POST['password']);
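
The double-escaping case described above, as an added example; it is not the original snippet, whose code is not shown on this page. Because magic_quotes_gpc and mysql_real_escape_string() no longer exist in current PHP, it assumes an in-memory SQLite database through PDO in place of MySQL, PDO::quote() in place of mysql_real_escape_string(), and a $magicQuotes flag in place of the magic_quotes_gpc check; storeEscaped(), storeBound() and the sample input are constructed for the illustration.

```php
<?php
// Added example. In-memory SQLite via PDO stands in for MySQL (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT)');

// The steps from the description: trim, undo magic-quotes slashes, escape.
// $magicQuotes replaces the magic_quotes_gpc check and PDO::quote() replaces
// mysql_real_escape_string(); unlike the latter, quote() also adds the
// surrounding single quotes.
function sanitize(PDO $pdo, string $data, bool $magicQuotes): string
{
    $data = trim($data);
    if ($magicQuotes) {
        $data = stripslashes($data); // remove the slashes magic quotes added
    }
    return $pdo->quote($data);
}

// Hypothetical helper: store by concatenating the escaped value into the SQL.
function storeEscaped(PDO $pdo, string $raw, bool $magicQuotes): string
{
    $pdo->exec('DELETE FROM users');
    $pdo->exec('INSERT INTO users (username) VALUES ('
        . sanitize($pdo, $raw, $magicQuotes) . ')');
    return (string) $pdo->query('SELECT username FROM users')->fetchColumn();
}

// Hypothetical helper: store through a bound parameter, with no escaping step.
function storeBound(PDO $pdo, string $raw): string
{
    $pdo->exec('DELETE FROM users');
    $stmt = $pdo->prepare('INSERT INTO users (username) VALUES (:username)');
    $stmt->execute([':username' => trim($raw)]);
    return (string) $pdo->query('SELECT username FROM users')->fetchColumn();
}

// Constructed input, as magic_quotes_gpc would have delivered "  O'Brien ".
$slashed = "  O\\'Brien ";

// Magic quotes on: stripslashes() is applied before escaping.
var_dump(storeEscaped($pdo, $slashed, true));
// Same input with the stripslashes() step skipped: the double-escaping case.
var_dump(storeEscaped($pdo, $slashed, false));
// Bound parameter with the raw, unslashed input.
var_dump(storeBound($pdo, "  O'Brien "));
```

Comparing the three dumped values shows what the stripslashes() step is for, and that a bound parameter stores the name without any escaping call.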
