What are the best practices to prevent SQL injections?
Posted by s2xi on Stack Overflow
Published on 2011-02-26T22:45:52Z
Indexed on 2011/02/26 23:25 UTC
Hi,
I have done some research and am still confused. This is the outcome of that research. Can someone please comment and advise on how I can make these better, or if there is a rock-solid implementation already out there that I can use?
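Method 1:

    // Clean every $_GET value; array_map() returns a new array, so assign it back.
    $_GET = array_map('trim', $_GET);
    $_GET = array_map('stripslashes', $_GET);
    $_GET = array_map('mysql_real_escape_string', $_GET);

Method 2:

    // Strip tags, encode HTML entities, undo magic quotes, then escape for MySQL.
    function filter($data) {
        $data = trim(htmlentities(strip_tags($data)));
        if (get_magic_quotes_gpc()) {
            $data = stripslashes($data);
        }
        $data = mysql_real_escape_string($data);
        return $data;
    }

    $data = array();
    foreach ($_GET as $key => $value) {
        $data[$key] = filter($value);
    }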
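
For comparison with the two escaping approaches in the question, here is an added example (not part of the original post) of the usual alternative: bound parameters through PDO, an allowlist for identifiers, and type validation instead of escaping. The in-memory SQLite database, the `users` table, the function names and the request values are all constructed for the demonstration.

```php
<?php
// Added example: parameterized queries with PDO instead of escaping $_GET.
// The table, rows and request values below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Constructed request parameters standing in for $_GET.
$request = [
    'name' => "alice' OR '1'='1",
    'sort' => 'email; DROP TABLE users',
    'id'   => '2abc',
];

// 1. Values: bind them. A bound value is treated as data, so quotes in the
//    input are just characters in the string being compared.
function findByName(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Identifiers (column names) cannot be bound: map the input onto a
//    fixed allowlist and fall back to a default for anything else.
function listSorted(PDO $pdo, string $sort): array {
    $allowed = ['name' => 'name', 'email' => 'email'];
    $column = $allowed[$sort] ?? 'id';
    $sql = "SELECT id, name FROM users ORDER BY $column";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Typed input: validate the type rather than escaping the string.
function parseId(string $raw): ?int {
    $opts = ['options' => ['min_range' => 1]];
    $id = filter_var($raw, FILTER_VALIDATE_INT, $opts);
    return $id === false ? null : $id;
}

var_dump(count(findByName($pdo, $request['name']))); // quote-laden input
var_dump(count(findByName($pdo, 'alice')));          // ordinary input
var_dump(count(listSorted($pdo, $request['sort']))); // unknown sort key
var_dump(parseId($request['id']), parseId('2'));     // rejected vs accepted

// 4. HTML encoding belongs at output time, not before storage.
echo htmlspecialchars('<b>bob</b>', ENT_QUOTES, 'UTF-8'), PHP_EOL;
```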
© Stack Overflow or respective owner