DimitriDV Posted December 17, 2008

Hi there, we all know what a SQL Injection is, but how can we secure EVERY form we make from now on with only one function? Does anyone have an example? I'm not really planning on rewriting every code over and over again...

Which is, by the way, the complete code to prevent a SQL injection? We need to be 100% sure that this does not occur, since we have a lot of personal data in our database.

ps: or is mysql_real_escape_string enough to be 100% sure?
5kyy8lu3 Posted December 17, 2008

I don't have an answer to your question but this is the function I use for my form inputs, I feel pretty safe with it

<?php
// Escapes a form value for use inside a quoted SQL string literal,
// then strips HTML tags and runs the PHP sanitize filter over it.
// $cxn is an open mysqli connection.
function scrubber($dirty, $cxn) {
    $dirty2 = strip_tags(trim(mysqli_real_escape_string($cxn, $dirty)));
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    $clean = filter_var($dirty2, FILTER_SANITIZE_STRING);
    return $clean;
}
?>

The only downside is that for strings you paste to the browser you see that unsightly backslash anywhere you use an apostrophe, but anywhere you'd paste a string that has been escaped you can just use this quick line to remove them before printing to the browser:

// Removes every backslash from the string. (The original used ereg_replace,
// which was removed in PHP 7; str_replace does the same job.)
$New_String = str_replace("\\", "", $Old_String);

Works like a charm but don't quote me, I'm pretty new to php/mysql, just showin ya what direction I went when I had your same question.
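For the "one function for every form" the question asks about, the approach that does not depend on escaping at all is a prepared statement with bound parameters: the SQL text and the values travel separately, so a quote in the input is only ever data. The following is an added example, not code from either poster; it assumes PHP 7 or later with the pdo_sqlite extension and uses an in-memory SQLite database with constructed rows so it runs stand-alone. The `connect()` and `query()` names are the example's own.

```php
<?php
// Added example, not from the thread. Assumed: PHP 7+, pdo_sqlite available.
// All table contents below are constructed sample data.
declare(strict_types=1);

function connect(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $db;
}

/**
 * The single query helper every form handler calls. Values are passed as
 * bound parameters and are never concatenated into the SQL string, so no
 * per-input escaping function is needed.
 */
function query(PDO $db, string $sql, array $params = []): array
{
    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        // Bind integers as integers so id comparisons and LIMIT keep their type.
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue($name, $value, $type);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = connect();
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample data; the apostrophe is ordinary data and is stored as-is,
// so there are no backslashes to strip later.
query($db, 'INSERT INTO users (name) VALUES (:name)', [':name' => "O'Brien"]);
query($db, 'INSERT INTO users (name) VALUES (:name)', [':name' => 'Alice']);

// Simulated form input containing a quote. Bound as a value, it can only
// match a name; it cannot change the structure of the query.
$formInput = "O'Brien";
$rows = query($db, 'SELECT id, name FROM users WHERE name = :name', [':name' => $formInput]);

// Look up by id with an integer parameter.
$byId = query($db, 'SELECT name FROM users WHERE id = :id', [':id' => 2]);

foreach (array_merge($rows, $byId) as $row) {
    // Escaping for the output context (HTML) is a separate step from the SQL
    // layer and is done at print time, not on the way into the database.
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Two points worth noting against the reply above: the stray backslashes it removes come from escaping a value and then printing the escaped copy, which a prepared statement never produces, and `mysqli_real_escape_string` only protects values placed inside quoted string literals, not numbers, column names or `LIMIT` clauses. When the same helper is used with MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server, not the client library, handles the parameters.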