Advanced Search

Sanitize a PHP string for input into a Database

/ Published in: PHP
Save to your folder(s)

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. function sanitize_sql_string($string, $min='', $max='')
  2. {
  3.   $pattern[0] = '/(\\\\)/';
  4.   $pattern[1] = "/\"/";
  5.   $pattern[2] = "/'/";
  6.   $replacement[0] = '\\\\\\';
  7.   $replacement[1] = '\"';
  8.   $replacement[2] = "\\'";
  9.   $len = strlen($string);
  10.   if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
  11.     return FALSE;
  12.   return preg_replace($pattern, $replacement, $string);
  13. }
  14. //usage
  15. //sanitize_sql_string($an_unsafe_string);

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.