
@tracend
Created April 20, 2011 22:22
PHP: Prevent SQL Injection
// $input is the caller's array of user-supplied values, in the same order as the '%s' slots
$sql = safeInput("UPDATE table_name SET field_one='%s', field_two='%s' WHERE id='%s'", $input);

function safeInput($string, $args){
    // 'clean' each input value (needs an open mysql connection;
    // the mysql_* extension was removed in PHP 7)
    foreach( $args as $key => $value ){
        $args[$key] = mysql_real_escape_string($value);
    }
    // add the statement as the first element of the array
    array_unshift($args, $string);
    return call_user_func_array('sprintf', $args);
}
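The same UPDATE written with a PDO prepared statement, as an added example that is not part of the gist: the values are sent separately from the SQL text, so no escaping step is needed at all. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database so it runs offline; table and column names are the gist's.

```php
<?php
// Added example, not tracend's code: bound parameters instead of escape-and-sprintf.
function updateRow(PDO $db, array $input): int {
    // Named placeholders take the place of the quoted '%s' slots.
    $stmt = $db->prepare(
        'UPDATE table_name SET field_one = :one, field_two = :two WHERE id = :id'
    );
    $stmt->bindValue(':one', $input[0], PDO::PARAM_STR);
    $stmt->bindValue(':two', $input[1], PDO::PARAM_STR);
    $stmt->bindValue(':id',  $input[2], PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table_name (id INTEGER PRIMARY KEY, field_one TEXT, field_two TEXT)');
$db->exec("INSERT INTO table_name VALUES (1, 'a', 'b'), (2, 'c', 'd')");

// Constructed input: a quote and a tautology-style string. With a prepared
// statement both are stored verbatim and only the row with id 1 is touched.
$input = ["O'Reilly", "x' OR '1'='1", 1];
$affected = updateRow($db, $input);
if ($affected !== 1) {
    throw new RuntimeException("expected exactly one row updated, got $affected");
}

$row = $db->query('SELECT field_one, field_two FROM table_name WHERE id = 1')
          ->fetch(PDO::FETCH_ASSOC);
if ($row['field_two'] !== "x' OR '1'='1") {
    throw new RuntimeException('value was not stored literally');
}
echo "rows updated: $affected; field_two stored as: {$row['field_two']}\n";
```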