Does this PHP function protect against SQL injection?

Posted by George Edison on Stack Overflow
Published on 2010-03-31T05:00:54Z Indexed on 2010/03/31 5:03 UTC


I have this function I'm using and I want to be sure that it fully protects against SQL injection attacks:

function MakeSafeForQuery($string)
{
    // replace all of the quote
    // chars by their escape sequence

    $ret = str_replace("\\","\\\\",$string);
    $ret = str_replace("'","\\'",$ret);
    $ret = str_replace("\"","\\\"",$ret);

    return $ret;
}

Am I missing anything serious?
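
An added example, not part of the original post: it runs the question's `MakeSafeForQuery` against a value used in an unquoted numeric context, next to a validated, parameter-bound query. The in-memory SQLite database, the `users` table, the input string and the `findUserName` helper are assumptions constructed for the illustration.

```php
<?php
// The function from the question, unchanged.
function MakeSafeForQuery($string)
{
    $ret = str_replace("\\", "\\\\", $string);
    $ret = str_replace("'", "\\'", $ret);
    $ret = str_replace("\"", "\\\"", $ret);
    return $ret;
}

// Assumption: an in-memory SQLite database via PDO stands in for the real one.
// The users table and its rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
foreach (['alice', 'bob', 'carol'] as $name) {
    $db->prepare("INSERT INTO users (name) VALUES (?)")->execute([$name]);
}

// Constructed request value: no quote or backslash, so nothing gets escaped.
$input = "1 OR 1=1";
$escaped = MakeSafeForQuery($input);
echo "escaping changed the value: ", var_export($escaped !== $input, true), "\n";

// Weak form: the value lands in an unquoted numeric context, so the extra
// text is parsed as SQL and the WHERE clause matches every row.
$rows = $db->query("SELECT name FROM users WHERE id = $escaped")
           ->fetchAll(PDO::FETCH_COLUMN);
echo "concatenated query returned ", count($rows), " row(s)\n";

// Hardened form (hypothetical helper): validate the type, then bind the value
// as a parameter so it is never parsed as SQL, whatever characters it contains.
function findUserName(PDO $db, $rawId)
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // reject anything that is not an integer
    }
    $stmt = $db->prepare("SELECT name FROM users WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

echo "bound query, hostile input: ", var_export(findUserName($db, $input), true), "\n";
echo "bound query, valid input:   ", var_export(findUserName($db, "2"), true), "\n";
```

Hand-rolled escaping also takes no account of the connection's character set or the database's own escaping rules, which bound parameters avoid entirely.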
