iantoo

  1. Thanks for your help, I have replaced the line with `$str = mysql_real_escape_string($str);` Is that secure enough?
  2. Hi, I wonder if someone could help me. Just moved to a new server running PHP5 and getting the "Deprecated: Function sql_regcase() is deprecated" error. I don't want to disable the messages in php.ini; I would prefer to get the coding right. The error relates to the anti-injection function posted below:

     ```php
     function anti_injection($sql) {
         // removes words that contain sql syntax
         $s = array("`","~","!","@","#","$","%","^","&","*","(",")","+","=","[","]",";","<",">","http","//","www");
         $sql = str_replace($s, "", $sql);
         $sql = preg_replace(sql_regcase("/(from|truncate|expalin|select|insert|delete|where|update|empty|drop table|limit|show tables|#|\*|--|\\\\)/"),"",$sql);
         $sql = trim($sql); // strip whitespace
         $sql = strip_tags($sql); // strip HTML and PHP tags
         $sql = addslashes($sql); // quote string with slashes
         return $sql;
     }
     ```

     If anyone can help recode the snippet it would be greatly appreciated.

     Thanks

     Ian
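
An added example, not part of the original posts and not the poster's code: instead of filtering input through a blacklist such as `anti_injection()`, the value can be bound to a prepared statement so it never becomes part of the SQL text. It uses PDO with an in-memory SQLite database; the table, column names, helper functions and sample values are all constructed for illustration.

```php
<?php
// Added example. Table, columns, helpers and sample values are constructed.
$pdo = new PDO('sqlite::memory:');   // in-memory database so the script runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Store a comment: placeholders keep the values out of the SQL text entirely.
function add_comment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Fetch comment bodies by author, again with a bound value.
function comments_by(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE author = :author ORDER BY id');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: ordinary text that a keyword/character blacklist would mangle
// (it contains a quote, "select", "from", "%", ";", "http" and "www").
$author = "O'Brien";
$body   = "Please select a table from the list; it's 50% off (see http://www.example.com)";

add_comment($pdo, $author, $body);
$stored = comments_by($pdo, $author);

// The text comes back identical: nothing stripped, no slashes added.
var_dump($stored[0] === $body);

// Escape for HTML at output time, not before storage.
echo htmlspecialchars($stored[0], ENT_QUOTES, 'UTF-8'), "\n";
```

The same `prepare()`/`execute()` calls work against MySQL by changing the DSN passed to the `PDO` constructor.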