Tuesday, 15 October 2013

Function to Avoid SQL Injection

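/**
 * Trim a value and backslash-escape it for use inside a quoted MySQL string literal.
 *
 * The escaping reproduces the fixed mapping of the removed mysql_escape_string():
 * NUL, LF, CR, backslash, single quote, double quote and Ctrl-Z each get a
 * backslash form. It does not depend on ext/mysql, so it runs on PHP 7 and 8.
 *
 * Limits a caller must know:
 *  - The result is only safe when placed between quotes in the SQL text. A value
 *    interpolated unquoted (a numeric column, an identifier, an ORDER BY / LIMIT
 *    clause) is not protected by escaping; validate or cast those instead.
 *  - The mapping ignores the connection character set, as mysql_escape_string()
 *    did. Multi-byte connection encodings need connection-aware handling.
 *  - Prefer prepared statements with bound parameters (PDO or mysqli) for new
 *    code; this helper only keeps legacy call sites running.
 *
 * @param mixed $input Value to clean; presumably request data, since magic quotes
 *                     are consulted. It is passed to trim(), so it must be
 *                     string-convertible.
 * @return string The trimmed value, escaped unless it is numeric.
 */
function clean_input($input)
{
    $input = trim($input);

    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() itself in
    // PHP 8.0, so only consult it on runtimes where it can still be switched on.
    // The short-circuit keeps the removed function from being called on newer PHP.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $input = stripslashes($input);
    }

    // A numeric string holds no character from the escape table below.
    if (is_numeric($input)) {
        return $input;
    }

    // strtr() with a map replaces in one pass and never rescans its own output,
    // so an inserted backslash is not escaped a second time.
    return strtr($input, array(
        "\0"   => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        '\\'   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ));
}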
