general function to clean value for for sql insert

Liquid Fire · February 14, 2008

Is there a function anyone knows of that will clean a value for a general sql insert(like the function works for mysql, mssql, postgresql, etc...). Right now I have created a function in my data class

<?php
private function safe_value($value)
{
//we first need to replace any \" and \' that the user might have already escaped(like magic quotes) and the replace and remaining ',"
        $search = array('\"', '"', "\\'", "'");
        $replace = array('&#34;', '&#34;', '&#39;', '&#39;');
return str_replace($search, $replace, $value);
}
?>

is this good or do i need to replace extra characters?

Isityou · February 14, 2008

Have you tried mysql_real_escape_string()?

Liquid Fire · February 14, 2008

does that work for mssql, postgresql, and all the other type of databases?

Liquid Fire · February 15, 2008

anyone?

nogray · February 15, 2008

try this one

addslashes()

http://us.php.net/manual/en/function.addslashes.php

Barand · February 16, 2008

addsslashes() will work for MySql but not MSSql, which needs ' changing to '' (two single quotes)

Sign In

general function to clean value for for sql insert

Recommended Posts

Liquid Fire

Link to comment

Share on other sites

Isityou

Link to comment

Share on other sites

Liquid Fire

Link to comment

Share on other sites

Liquid Fire

Link to comment

Share on other sites

nogray

Link to comment

Share on other sites

Barand

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information