Advanced Search

mysql_safe_query to prevent SQL injection

/ Published in: PHP
Save to your folder(s)

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. function mysql_safe_string($value) {
  2.     if(empty($value))           return 'NULL';
  3.     elseif(is_string($value))   return '\''.mysql_real_escape_string(trim($value)).'\'';
  4.     elseif(is_numeric($value))  return $value;
  5.     elseif(is_array($value))    return implode(',',array_map('mysql_safe_string',$value));
  6.     else                        return false;
  7. }
  8.  
  9. function mysql_safe_query($format) {
  10.     $args = array_slice(func_get_args(),1);
  11.     $args = array_map('mysql_safe_string',$args);
  12.     $query = vsprintf($format,$args);
  13.     return mysql_query($query);
  14. }

URL: http://programanddesign.com/php/marks-php-snippets/

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.