Wolphie Posted April 17, 2008

Hey, I'm in the middle of working on an in-depth MySQL class to ease the process of MySQL functions and error handling. My main question is, what would be the best way to secure the query? Without having to secure each individual item that's inserted. I thought about making a function to loop through a POST array, and then sanitize the items. Is there any better way?

    <?php
    // Escape every value of an input array (e.g. $_POST) for use in a query.
    // Returns false when magic_quotes_gpc is on, because the values are then
    // already slashed and escaping them again would double-escape them.
    function sanitize($str) {
        if (!get_magic_quotes_gpc()) {
            foreach ($str as $key => $value) {
                // htmlentities() already covers everything htmlspecialchars() does;
                // calling both would double-encode '&'.
                $str[$key] = mysql_real_escape_string(htmlentities($value));
            }
            return $str;
        }
        return false;
    }
soycharliente Posted April 17, 2008

That's pretty much how I do it as well.

    <?php
    // dbconnect() and dbclose() are the poster's own helpers (not shown here);
    // mysql_real_escape_string() needs an open connection to know the charset.
    function myEscape($string) {
        dbconnect();
        // Undo magic quotes first so the value is escaped exactly once.
        $new = get_magic_quotes_gpc() ? stripslashes($string) : $string;
        $safe = mysql_real_escape_string($new);
        dbclose();
        return $safe;
    }

    foreach ($_POST as $key => $val) {
        $_POST[$key] = myEscape($val);
    }
    ?>
Wolphie Posted April 17, 2008 Author

I've updated my code, so if there's any "unique" fields such as a field allowing HTML or something similar, it can be ignored. I also integrated some of your code, hope you don't mind.

    <?php
    // $str  : input array such as $_POST
    // $spec : a key, or an array of keys, to leave untouched
    //         (e.g. a field that is allowed to contain HTML)
    function sanitize($str, $spec = '') {
        // Normalise $spec to a list of keys to skip.
        $skip = empty($spec) ? array() : (array) $spec;
        foreach ($str as $key => $value) {
            if (in_array($key, $skip)) {
                continue;   // leave this field exactly as it was posted
            }
            // Undo magic quotes so the value is escaped exactly once.
            $new = get_magic_quotes_gpc() ? stripslashes($value) : $value;
            // htmlentities() is a superset of htmlspecialchars();
            // calling both would double-encode '&'.
            $new  = htmlentities($new);
            $safe = mysql_real_escape_string($new);
            $str[$key] = $safe;
        }
        return $str;
    }
soycharliente Posted April 18, 2008

I don't mind. I "stole" part of it from someone else in here anyway.
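Added example, not code from either poster: the question in this thread (how to secure a query without escaping each item) is answered more robustly by binding values as prepared-statement parameters, so the raw $_POST values never become part of the SQL text, and by doing HTML encoding once at output time instead of at storage time. It assumes a table `users(id, name, bio)` and the connection constants below; a field that may hold HTML (the "unique" field from the thread) needs no special case for the database, only a decision about how it is rendered.

```php
<?php
// Example code added to this thread, not from either poster.
// Assumed (not from the thread): a table users(id, name, bio) and these credentials.
const DB_HOST = 'localhost';
const DB_USER = 'app';
const DB_PASS = 'example-password';   // placeholder
const DB_NAME = 'app';

// Whitelist of accepted form fields. Keys not listed are dropped, which
// replaces the $spec "ignore this key" list: every accepted value is bound
// as data, so none of them needs escaping before it reaches the query.
const FIELDS = ['name', 'bio'];

function pickFields(array $input, array $fields): array {
    $out = [];
    foreach ($fields as $key) {
        $out[$key] = isset($input[$key]) ? (string) $input[$key] : '';
    }
    return $out;
}

function insertUser(mysqli $db, array $row): int {
    // Placeholders, not string interpolation: quotes, backslashes and HTML
    // in $row['bio'] are stored verbatim and cannot alter the statement.
    $stmt = $db->prepare('INSERT INTO users (name, bio) VALUES (?, ?)');
    $stmt->bind_param('ss', $row['name'], $row['bio']);
    $stmt->execute();
    $id = (int) $stmt->insert_id;
    $stmt->close();
    return $id;
}

function fetchUser(mysqli $db, int $id): ?array {
    $stmt = $db->prepare('SELECT name, bio FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// HTML encoding belongs at output time, applied exactly once. Encoding at
// storage time (as the thread's sanitize() does) bakes '&amp;' into the
// database and breaks every non-HTML consumer of the data.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors
$db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$db->set_charset('utf8mb4'); // binding and escaping must agree on the charset

$row  = pickFields($_POST, FIELDS);
$id   = insertUser($db, $row);
$user = fetchUser($db, $id);

echo '<p>Name: ' . h($user['name']) . '</p>';
// If 'bio' is meant to carry HTML, the rendering decision is made here
// (for instance by running it through an HTML sanitiser before echoing);
// this example encodes it like any other field.
echo '<div>' . h($user['bio']) . '</div>';
```

With this layout the database side needs no per-field loop at all: whatever the user submits is data, the statement text is fixed, and the only place a field's "allow HTML" status matters is the template that renders it.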