PHP: Prevent SQL Injection (escaping helper for quoted string placeholders — prefer prepared statements where possible)
// Example call. $input is expected to be an array of values in placeholder
// order (it is not defined anywhere in this snippet). Every %s is wrapped in
// single quotes -- that is what makes string escaping sufficient here; an
// unquoted %s (numeric id, LIMIT, identifier) would still be injectable.
$sql = safeInput("UPDATE table_name SET field_one='%s', field_two='%s' WHERE id='%s'", $input);
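/**
 * Build a SQL string by escaping each value and substituting it into a
 * sprintf-style template.
 *
 * Example:
 *   safeInput("UPDATE t SET a='%s' WHERE id='%s'", array("O'Neil", 7));
 *
 * SECURITY NOTES:
 *  - Escaping only helps when EVERY placeholder in $string is wrapped in
 *    single quotes ('%s'). A bare %s (numeric id, LIMIT, ORDER BY, table or
 *    column names) is NOT protected by string escaping.
 *  - The default escaper, mysql_real_escape_string(), needs an open mysql_*
 *    connection whose charset matches the database, and the whole mysql_*
 *    extension was removed in PHP 7.0. On modern PHP pass $escape explicitly,
 *    e.g. array($mysqli, 'real_escape_string') or a closure over PDO::quote()
 *    (note PDO::quote() adds its own quotes, so drop the quotes in $string).
 *  - The recommended fix is not escaping at all but a prepared statement
 *    (PDO::prepare()/execute() or mysqli_prepare()), which keeps values out of
 *    the SQL text entirely. Use this helper only for legacy code paths.
 *
 * @param string   $string sprintf-style SQL template; use '%s' for every value
 * @param array    $args   values in placeholder order (array keys are ignored)
 * @param callable $escape escaper applied to each value; defaults to
 *                         'mysql_real_escape_string' for compatibility with
 *                         the original call sites
 * @return string  the formatted SQL
 * @throws InvalidArgumentException if $escape is not callable (this is what
 *         you get on PHP 7+ with the default, instead of a fatal error)
 */
function safeInput($string, $args, $escape = 'mysql_real_escape_string'){
    if (!is_callable($escape)) {
        throw new InvalidArgumentException('safeInput(): $escape must be callable');
    }
    // array_values() discards keys so associative input still lines up with
    // the placeholders in insertion order; (array) tolerates a single scalar.
    $escaped = array_map($escape, array_values((array) $args));
    // vsprintf() takes the template plus an argument array directly, so there
    // is no need to splice the template into the argument list.
    return vsprintf($string, $escaped);
}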