b2k Posted June 13, 2008 Share Posted June 13, 2008 Hi, I found this function for prevent SQL injection. But I don't know how to use it <?php function sql_sanitize( $sCode ) { if ( function_exists( "mysql_real_escape_string" ) ) { // If PHP version > 4.3.0 $sCode = mysql_real_escape_string( $sCode ); // Escape the MySQL string. } else { // If PHP version < 4.3.0 $sCode = addslashes( $sCode ); // Precede sensitive characters with a backslash \ } return $sCode; // Return the sanitized code } ?> Here are my vars: $name=$_POST['name']; $email=$_POST['email']; thanks Link to comment https://forums.phpfreaks.com/topic/110071-solved-how-to-use-this-function/ Share on other sites More sharing options...
craygo Posted June 13, 2008 Share Posted June 13, 2008 <?php function sql_sanitize( $sCode ) { if ( function_exists( "mysql_real_escape_string" ) ) { // If PHP version > 4.3.0 $sCode = mysql_real_escape_string( $sCode ); // Escape the MySQL string. } else { // If PHP version < 4.3.0 $sCode = addslashes( $sCode ); // Precede sensitive characters with a backslash \ } return $sCode; // Return the sanitized code } $name = sql_sanitize($_POST['name']); $email = sql_sanitize($_POST['email']); ?> Ray Link to comment https://forums.phpfreaks.com/topic/110071-solved-how-to-use-this-function/#findComment-564819 Share on other sites More sharing options...
b2k Posted June 13, 2008 Author Share Posted June 13, 2008 Thx Was easy...I'm learning Link to comment https://forums.phpfreaks.com/topic/110071-solved-how-to-use-this-function/#findComment-564833 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.