Does this PHP function protect against SQL injection?
- by George Edison
I have this function I'm using and I want to be sure that it fully protects against SQL injection attacks:

    function MakeSafeForQuery($string)
    {
        // replace all of the quote
        // chars by their escape sequence
        $ret = str_replace("\\","\\\\",$string);
        $ret = str_replace("'","\\'",$ret);
        $ret = str_replace("\"","\\\"",$ret);
        return $ret;
    }

Am I missing anything serious?
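
An added example, not part of the original post: it runs the function from the question next to a PDO prepared statement to compare how each treats a value used in an unquoted numeric context. The `users` table, its rows and the sample input are constructed for illustration, and the script assumes the `pdo_sqlite` extension so it can run against an in-memory database.

```php
<?php
// Added example; the table, rows and input below are constructed.

function MakeSafeForQuery($string)
{
    // The function from the question, behaviour unchanged.
    $ret = str_replace("\\", "\\\\", $string);
    $ret = str_replace("'", "\\'", $ret);
    $ret = str_replace("\"", "\\\"", $ret);
    return $ret;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed input for a numeric parameter: it contains no quotes or
// backslashes, so the escaping function has nothing to replace.
$input = '1 OR 1=1';
$escaped = MakeSafeForQuery($input);
echo 'escaped value identical to input: ';
var_dump($escaped === $input);

// 1) String concatenation: the value becomes part of the SQL text itself.
$rows = $pdo->query("SELECT name FROM users WHERE id = $escaped")
            ->fetchAll(PDO::FETCH_COLUMN);
echo 'concatenated query rows: ', count($rows), PHP_EOL;

// 2) Prepared statement: the SQL text is fixed and the value is bound as
//    data, so it is only ever compared against the id column.
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute([':id' => $input]);
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo 'prepared statement rows: ', count($rows), PHP_EOL;

// 3) Validate the type before querying: reject anything that is not an
//    integer instead of passing it on.
$id = filter_var($input, FILTER_VALIDATE_INT);
if ($id === false) {
    echo 'rejected: id must be an integer', PHP_EOL;
} else {
    $stmt->execute([':id' => $id]);
    echo 'validated query rows: ', count($stmt->fetchAll(PDO::FETCH_COLUMN)), PHP_EOL;
}
```

Comparing the row counts printed for the concatenated query and the prepared statement shows whether the input was interpreted as SQL or as a plain value.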