[SOLVED] Help with my function


onlyican

Hey people
Merry Christmas, and a happy new year to ya all

Now

I have a function, which secures against SQL Injection.

[code]
<?php

function MakeSafe($str, $lower = false){
    if($lower == true){
        $str = strtolower($str);
    }
    $str = eregi_replace("%", "", $str);
    $str = eregi_replace("--", "", $str);
    $str = stripslashes($str);
    $str = strip_tags($str);
    $str = htmlspecialchars($str);
    $str = trim($str);
    $str = mysql_real_escape_string($str);

    return $str;
}

?>
[/code]



I used to enter some code like
"It's just a test"

And it would come out like
It\\\'s just a test

So I added Stripslashes
NOW

on my Local machine

I added the following

[quote]
It's Just a test
Does it work
[/quote]
In my MySQL Table
It reads
Its Just a TestnrDoes it work

The Stripslashes has removed ALL slashes, and the mysql_real_escape_string has not added the main ones in (it's needs one)

BUT
On My Server, It works as it should, having \n\r and it\'s
So I am guessing it is a setting thing
Any ideas?

You should check if get_magic_quotes is on or not before running stripslashes

example:
[code]
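<?php

function MakeSafe($str, $lower = false){

    // Only strip slashes when magic_quotes_gpc has already added them,
    // so the value is escaped exactly once by the call at the end.
    if(get_magic_quotes_gpc()){
        $str = stripslashes($str);
    }

    if($lower == true){
        $str = strtolower($str);
    }

    // Trim, strip tags, encode HTML special characters (quotes included),
    // then remove "%" and "--".
    $str = str_replace(array("%", "--"), "", htmlspecialchars(strip_tags(trim($str)), ENT_QUOTES));

    // Escape for the SQL query as the last step.
    return mysql_real_escape_string($str);
}

?>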
[/code]
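
The difference between the two machines described in this thread, as an added example that is not part of either post: it runs the same input through "never strip", "always strip" and "strip only when magic quotes is on", and shows what ends up stored in each case. Assumptions: `$magicQuotesOn` stands in for `get_magic_quotes_gpc()`, `addslashes()` stands in for `mysql_real_escape_string()` only so the script runs without a database connection, `stripslashes()` in `stored_value()` approximates how the database reads the escaped literal, and all function names and the sample string are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Runs on the CLI, no database needed.
// $magicQuotesOn is a stand-in for get_magic_quotes_gpc().
// addslashes() is a stand-in for mysql_real_escape_string() so the escaping is
// visible offline; it is not a replacement for the database's own escaping.

// What magic_quotes_gpc did to request data before the script saw it.
function simulate_request($raw, $magicQuotesOn) {
    return $magicQuotesOn ? addslashes($raw) : $raw;
}

// Escape without ever stripping (double-escapes when magic quotes is on).
function prepare_no_strip($received) {
    return addslashes($received);
}

// Always strip first (destroys real backslashes when magic quotes is off).
function prepare_always_strip($received) {
    return addslashes(stripslashes($received));
}

// Strip only when magic quotes added the slashes, then escape once.
function prepare_conditional($received, $magicQuotesOn) {
    if ($magicQuotesOn) {
        $received = stripslashes($received);
    }
    return addslashes($received);
}

// Approximation of what the database stores: one level of escaping is undone.
function stored_value($escaped) {
    return stripslashes($escaped);
}

// Constructed sample input: an apostrophe plus a literal backslash.
$raw = "It's in C:\\temp";

foreach (array(false, true) as $on) {
    $received = simulate_request($raw, $on);
    $results = array(
        'no strip'     => prepare_no_strip($received),
        'always strip' => prepare_always_strip($received),
        'conditional'  => prepare_conditional($received, $on),
    );
    echo "magic_quotes_gpc ", ($on ? "on" : "off"), "\n";
    foreach ($results as $label => $escaped) {
        $stored = stored_value($escaped);
        printf("  %-13s stored: %-20s %s\n", $label, $stored, $stored === $raw ? "ok" : "CHANGED");
    }
}
```

With magic quotes off, only "always strip" changes the value (the backslash is lost); with it on, only "no strip" changes it (extra backslashes are stored). The conditional version stores the original string in both cases.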
