what are the best practices to prevent sql injections

Posted by s2xi on Stack Overflow See other posts from Stack Overflow or by s2xi
Published on 2011-02-26T22:45:52Z Indexed on 2011/02/26 23:25 UTC
Read the original article Hit count: 229

Filed under:
|
|

Hi,

I have done some research and still confused, This is my outcome of that research. Can someone please comment and advise to how I can make these better or if there is a rock solid implementation already out there I can use?

Method 1:

array_map('trim', $_GET);
array_map('stripslashes', $_GET);
array_map('mysql_real_escape_string', $_GET);

Method 2:

function filter($data) {
    $data = trim(htmlentities(strip_tags($data)));

    if (get_magic_quotes_gpc())
        $data = stripslashes($data);

    $data = mysql_real_escape_string($data);

    return $data;
}

foreach($_GET as $key => $value) {
    $data[$key] = filter($value);
}

© Stack Overflow or respective owner

Related posts about php

Related posts about sql