All snippets tagged sql (1)

  1. SQL Injection prevention

    A function that escapes its arguments and builds the SQL query from a format string.

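     <?php

     // ext/mysql (mysql_connect, mysql_real_escape_string) was removed in PHP 7.0;
     // the mysqli equivalents are used here.
     $link = mysqli_connect('localhost', 'guest', 'heslo');
     // Escaping depends on the connection character set, so set it explicitly.
     mysqli_set_charset($link, 'utf8mb4');

     // Escape every argument after $format, then substitute them into $format.
     // %d and %f are cast to numbers by vsprintf(); %s is only safe when the
     // placeholder is enclosed in quotes in the format string ('%s').
     function my_escape ($format) {
         global $link;

         // No values supplied: return the format string unchanged.
         if (func_num_args() == 1) return $format;

         $data = func_get_args();
         array_shift($data); // drop $format, keep only the values

         foreach ($data as $k => $v) {
             $data[$k] = mysqli_real_escape_string($link, $v);
         }

         return vsprintf($format, $data);
     }

     echo my_escape ('float: %.3f, int: %d', '10.5fgfg', '00100ffd');
     echo my_escape ('SELECT * FROM ... WHERE foo.id = %d AND foo.pass = \'%s\'', '42foo', 'bla\'bla');
     echo my_escape ('SELECT * FROM ... WHERE name = \'%s\' AND pass = \'%s\'', '123foo', '\' OR 1=1;--');
     ?>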
    Posted by lacop to php sql injection php ... saved by 2 persons ... 0 comments ... 1 year, 1 month