Does this PHP function protect against SQL injection?
Posted by George Edison on Stack Overflow
Published on 2010-03-31T05:00:54Z
php | sql-injection
I have this function I'm using and I want to be sure that it fully protects against SQL injection attacks:
    function MakeSafeForQuery($string)
    {
        // replace all of the quote
        // chars by their escape sequence
        $ret = str_replace("\\","\\\\",$string);
        $ret = str_replace("'","\\'",$ret);
        $ret = str_replace("\"","\\\"",$ret);
        return $ret;
    }
Am I missing anything serious?
© Stack Overflow or respective owner
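
The following is an added example, not part of the original post. It runs the question's function against an engine that uses standard SQL quoting, next to a prepared statement. The in-memory SQLite database (requires the pdo_sqlite extension), the `users` table, the sample rows and the helpers `lookupEscaped` and `lookupPrepared` are assumptions made for the illustration.

```php
<?php
// The function from the question, behaviour unchanged.
function MakeSafeForQuery($string)
{
    $ret = str_replace("\\", "\\\\", $string);
    $ret = str_replace("'", "\\'", $ret);
    $ret = str_replace("\"", "\\\"", $ret);
    return $ret;
}

// Constructed sample data in a throwaway in-memory database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('O''Brien'), ('Smith')");

// Hypothetical helper: builds the query by string concatenation.
// Standard SQL escapes a quote by doubling it; a backslash is an ordinary
// character there, so the quote in the value still ends the string literal
// and the rest of the value is parsed as SQL.
function lookupEscaped(PDO $pdo, $name)
{
    $sql = "SELECT id FROM users WHERE name = '" . MakeSafeForQuery($name) . "'";
    try {
        return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return 'query rejected: ' . $e->getMessage();
    }
}

// Hypothetical helper: the value is bound as a parameter, so it is never
// parsed as SQL text, whatever quoting rules the engine uses.
function lookupPrepared(PDO $pdo, $name)
{
    $stmt = $pdo->prepare("SELECT id FROM users WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$name = "O'Brien"; // ordinary input that happens to contain a quote

var_dump(lookupEscaped($pdo, $name));  // user data changed the statement's structure
var_dump(lookupPrepared($pdo, $name)); // user data stayed data
```

The same gap applies wherever the value is interpolated without surrounding quotes, such as a numeric `id`, because the function then has nothing to escape.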