Liquid Fire Posted February 14, 2008

Is there a function anyone knows of that will clean a value for a general sql insert (like the function works for mysql, mssql, postgresql, etc...). Right now I have created a function in my data class

<?php
private function safe_value($value)
{
    // We first need to replace any \" and \' that the user might have already escaped (like magic quotes),
    // and then replace any remaining ' and "
    $search  = array('\"', '"', "\\'", "'");
    $replace = array('"', '"', "'", "'");
    return str_replace($search, $replace, $value);
}
?>

Is this good or do I need to replace extra characters?
Isityou Posted February 14, 2008

Have you tried mysql_real_escape_string()?
Liquid Fire (Author) Posted February 14, 2008

Does that work for mssql, postgresql, and all the other types of databases?
Liquid Fire (Author) Posted February 15, 2008

anyone?
nogray Posted February 15, 2008

try this one: addslashes() http://us.php.net/manual/en/function.addslashes.php
Barand Posted February 16, 2008

addslashes() will work for MySql but not MSSql, which needs ' changing to '' (two single quotes)
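
The difference Barand describes, shown as an added example that is not part of any post in this thread: backslash escaping fails on a database that only recognises the doubled-quote rule, while a bound parameter needs no per-database escaping. It assumes the pdo_sqlite extension is installed and uses an in-memory SQLite database as a stand-in for an engine that, like MSSQL, does not treat \ as an escape character; the table and function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension.
// The table "authors" and both function names are made up for this demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (name TEXT)');

$name = "O'Reilly"; // constructed sample input containing a single quote

// Backslash escaping glued into the SQL text. SQLite ignores the backslash,
// so the quote still ends the string literal and the statement is rejected.
function insert_with_addslashes(PDO $db, string $name): bool
{
    try {
        $db->exec("INSERT INTO authors (name) VALUES ('" . addslashes($name) . "')");
        return true;
    } catch (PDOException $e) {
        return false; // syntax error raised by the database
    }
}

// Bound parameter: the value travels separately from the SQL text, so the
// same code works on any database that has a PDO driver.
function insert_with_placeholder(PDO $db, string $name): bool
{
    $stmt = $db->prepare('INSERT INTO authors (name) VALUES (?)');
    return $stmt->execute([$name]);
}

var_dump(insert_with_addslashes($db, $name));
var_dump(insert_with_placeholder($db, $name));

// Only the row inserted through the placeholder is stored, quote intact.
foreach ($db->query('SELECT name FROM authors') as $row) {
    echo $row['name'], "\n";
}
```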